PT-2022-5028 · Fortinet · Fortitester

Published 2022-10-10 · Updated 2022-10-20 · CVE-2022-35846

CVSS v2.0

10

Critical

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiTester versions 2.3.0 through 3.9.1
FortiTester versions 4.0.0 through 4.2.0
FortiTester versions 7.0.0 through 7.1.0
Description

The issue is related to an improper restriction of excessive authentication attempts, which may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. This could enable a remote attacker to bypass existing security restrictions.
Recommendations

For FortiTester versions 2.3.0 through 3.9.1, consider restricting access to the Telnet port until a patch is available.
For FortiTester versions 4.0.0 through 4.2.0, consider implementing additional authentication measures to prevent brute force attacks.
For FortiTester versions 7.0.0 through 7.1.0, consider disabling the Telnet port or limiting access to it to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

BDU:2022-06242
CVE-2022-35846

Affected Products

Fortitester