Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-26112
CVE-2022-26112:
Java vulnerability analysis and mitigation
Overview
Multiple stack-based buffer overflow vulnerabilities [CWE-121] were identified in FortiWAN before version 4.5.9, affecting both network daemons and the command line interpreter. The vulnerability was internally discovered by Giuseppe Cocomazzi of the Fortinet Product Security team and was published on April 5, 2022 (Fortiguard PSIRT, CVE Mitre).
Technical details
The vulnerability has been assigned a High severity rating with a CVSSv3 score of 7.7. The issue stems from stack-based buffer overflow vulnerabilities that affect both network daemons and the command line interpreter components of FortiWAN version 4.5.8 and below (Fortiguard PSIRT).
Impact
If successfully exploited, this vulnerability allows an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests (Fortiguard PSIRT).
Mitigation and workarounds
Fortinet has addressed this vulnerability by releasing FortiWAN version 4.5.9. Users are advised to upgrade to this version to mitigate the risk (Fortiguard PSIRT).
Additional resources
Source: This report was generated using AI
Related Java vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management