CVE-2022-22306 Information

Description

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14 6.2.0 through 6.2.10 6.4.0 through 6.4.8 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.

Reference

https://fortiguard.com/psirt/FG-IR-21-239