Commit CVE-2022-26122

2025-06-12 02:05:39 +00:00 · 2022-11-02 10:15:09 +01:00 · 2022-11-02 10:15:09 +01:00 · 6f239b138c
commit 6f239b138c
parent ca948d3580
1 changed files with 63 additions and 3 deletions
--- a/2022/26xxx/CVE-2022-26122.json
+++ b/2022/26xxx/CVE-2022-26122.json
@ -4,14 +4,74 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-26122",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psirt@fortinet.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Fortinet",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Fortinet AV Engine, FortiMail, FortiOS, FortiClient",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "AV Engine version 6.2.168 and below and version 6.4.274 and below."
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "Low",
+            "attackVector": "Network",
+            "availabilityImpact": "None",
+            "baseScore": 4.3,
+            "baseSeverity": "Medium",
+            "confidentialityImpact": "None",
+            "integrityImpact": "Low",
+            "privilegesRequired": "None",
+            "scope": "Changed",
+            "userInteraction": "Required",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:U/RC:R",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Denial of service"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/psirt/FG-IR-22-074",
+                "url": "https://fortiguard.com/psirt/FG-IR-22-074"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An insufficient verification of data authenticity vulnerability [CWE-345] in\u00a0FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow\u00a0an attacker to bypass the AV engine via\u00a0manipulating MIME attachment with junk and pad characters in base64."
            }
        ]
    }