Auto-merge PR#7876

2025-06-10 02:04:31 +00:00 · 2022-11-02 08:02:25 -04:00 · 2022-11-02 08:02:25 -04:00 · ce0f908c6b
commit ce0f908c6b
parent 99563ccfa5 6f239b138c
1 changed files with 63 additions and 3 deletions
--- a/2022/26xxx/CVE-2022-26122.json
+++ b/2022/26xxx/CVE-2022-26122.json
@ -4,14 +4,74 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-26122",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psirt@fortinet.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Fortinet",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Fortinet AV Engine, FortiMail, FortiOS, FortiClient",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "AV Engine version 6.2.168 and below and version 6.4.274 and below."
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "Low",
+            "attackVector": "Network",
+            "availabilityImpact": "None",
+            "baseScore": 4.3,
+            "baseSeverity": "Medium",
+            "confidentialityImpact": "None",
+            "integrityImpact": "Low",
+            "privilegesRequired": "None",
+            "scope": "Changed",
+            "userInteraction": "Required",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:U/RC:R",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Denial of service"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/psirt/FG-IR-22-074",
+                "url": "https://fortiguard.com/psirt/FG-IR-22-074"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An insufficient verification of data authenticity vulnerability [CWE-345] in\u00a0FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow\u00a0an attacker to bypass the AV engine via\u00a0manipulating MIME attachment with junk and pad characters in base64."
            }
        ]
    }