CVE-2017-7738Sensitive Information Exposure in Fortinet Fortios

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.3%
top 42.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiosFortinet INC Fortios
Timeline
PublishedDec 13
Latest updateMay 14

Description

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortios5.4.05.4.5+2
CVEListV5fortinet_inc/fortios5.2 and below, 5.4.0 to 5.4.5, 5.6.0 to 5.6.2+2

🔴Vulnerability Details

2
GHSA
GHSA-6jcp-68rq-927h: An Information Disclosure vulnerability in Fortinet FortiOS 52022-05-14
CVEList
CVE-2017-7738: An Information Disclosure vulnerability in Fortinet FortiOS 52017-12-13

📋Vendor Advisories

1
Fortinet
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow...2017-12-13
CVE-2017-7738 — Sensitive Information Exposure | cvebase