CVE-2022-41327

CVSS 7.6 HIGHEPSS 0.1%CWE-319

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

Affected products

Fortinet · FortiOS Fortinet · FortiProxy

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.com/psirt/FG-IR-22-380