How severe is CVE-2022-26122?

CVE-2022-26122 has a CVSS v3 score of 4.7 (MEDIUM).

CVE-2022-26122

Name: antivirus_engine
Author: fortinet

4.7MEDIUM

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker

发布于: 11/2/2022更新于: 11/21/2024

描述

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

AI分析AI驱动

受影响产品

fortinetantivirus_engine

0.4.23

fortinetantivirus_engine

2.0.49

fortinetantivirus_engine

2.0.60

fortinetantivirus_engine

4.4.54

fortinetantivirus_engine

6.33

fortinetantivirus_engine

6.137

fortinetantivirus_engine

6.142

fortinetantivirus_engine

6.144

fortinetantivirus_engine

6.145

fortinetantivirus_engine

6.156

fortinetantivirus_engine

6.157

fortinetantivirus_engine

6.243

fortinetantivirus_engine

6.252

fortinetantivirus_engine

6.253

fortinetfortimail

4.1.0

fortinetfortios

7.2.0

参考资料

https://fortiguard.com/psirt/FG-IR-22-074
PatchVendor Advisory
https://fortiguard.com/psirt/FG-IR-22-074
PatchVendor Advisory