Excessive Authentication Attempts in FortiTester Products by Fortinet
CVE-2022-35846

8.1HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Fortitester
Vendor: CVE Published:; 18 October 2022

Summary

FortiTester products have a vulnerability that improperly restricts excessive authentication attempts, allowing unauthenticated attackers to execute brute force attacks to guess admin credentials. This flaw affects multiple versions, emphasizing the need for users to limit the access and utilize additional security measures to protect their administrative interfaces.

Affected Version(s)

Fortinet FortiTester FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

References

https://fortiguard.com/psirt/FG-IR-22-244

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Jul 13, 2022