Permissive List of Allowed Inputs

CVE-2022-42469

Medium

4.3/10

Summary

A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-183 - Permissive List of Allowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

References

Advisory Timeline

Published Apr 11, 2023

Permissive List of Allowed Inputs

CVE-2022-42469

Summary

CWE-183 - Permissive List of Allowed Inputs

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS