PT-2023-7425 · Fortinet · FortiProxy, FortiOS

Published: 2023-04-11 · Updated: 2023-04-18 · CVE-2022-43947

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiOS versions 7.2.0 through 7.2.3
FortiOS versions prior to 7.0.10
FortiProxy versions 7.2.0 through 7.2.2
FortiProxy versions prior to 7.0.8

Description

The issue is an improper restriction of excessive authentication attempts in the administrative interface of FortiOS and FortiProxy. An attacker who already holds a valid user account can brute-force the credentials of other user accounts by injecting valid login sessions, bypassing the lockout that should limit repeated failed logins.

Recommendations

Update to a version that includes the fix for this issue:

FortiOS versions 7.2.0 through 7.2.3
FortiOS versions prior to 7.0.10
FortiProxy versions 7.2.0 through 7.2.2
FortiProxy versions prior to 7.0.8

As a temporary workaround, consider restricting access to the administrative interface to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

BDU:2023-08462
CVE-2022-43947

Affected Products

Fortios
Fortiproxy