From 6f239b138cf8b969eb36b7d8b374165420d137ff Mon Sep 17 00:00:00 2001
From: Fortinet PSIRT Team
Date: Wed, 2 Nov 2022 10:15:09 +0100
Subject: [PATCH] Commit CVE-2022-26122
---
2022/26xxx/CVE-2022-26122.json | 66 ++++++++++++++++++++++++++++++++--
1 file changed, 63 insertions(+), 3 deletions(-)
diff --git a/2022/26xxx/CVE-2022-26122.json b/2022/26xxx/CVE-2022-26122.json
index efc89ccfba7..46e314285f6 100644
--- a/2022/26xxx/CVE-2022-26122.json
+++ b/2022/26xxx/CVE-2022-26122.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-26122",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet AV Engine, FortiMail, FortiOS, FortiClient",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "AV Engine version 6.2.168 and below and version 6.4.274 and below."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "None",
+ "baseScore": 4.3,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "None",
+ "integrityImpact": "Low",
+ "privilegesRequired": "None",
+ "scope": "Changed",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:U/RC:R",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-22-074",
+ "url": "https://fortiguard.com/psirt/FG-IR-22-074"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An insufficient verification of data authenticity vulnerability [CWE-345] in\u00a0FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow\u00a0an attacker to bypass the AV engine via\u00a0manipulating MIME attachment with junk and pad characters in base64."
 }
 ]
 }
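Review bot: The added `problemtype` value `"Denial of service"` contradicts the rest of the record: the description reports an AV-engine bypass classified as CWE-345, and the `cvss` block sets `"availabilityImpact": "None"`. Anyone triaging or filtering on problemtype will treat this as an availability issue rather than a detection gap, so the entry should read along the lines of `"value": "CWE-345: Insufficient Verification of Data Authenticity"`. Separately, `vectorString` includes temporal metrics (`E:P/RL:U/RC:R`) and `"baseScore": 4.3` appears to be the temporal score; the base metrics alone seem to work out to 4.7, so it is worth confirming which score the field is meant to hold. The `product_name` and `version_value` strings also fold four products and two version branches into free text, which automated affected-version matching cannot use; one `product_data` entry per product with a separate `version_data` entry per branch would fix that.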