CVE-2022-22303
published 2022-03-02
medium 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low-privileged authenticated user to gain access to the FortiGate users' credentials via the config conflict file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortigate | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | 6.2.0 – 6.2.9 | — |
| fortinet | fortimanager | 6.4.0 – 6.4.7 | — |
| fortinet | fortimanager | 7.0.0 – 7.0.2 | — |
| fortinet | fortinet_fortimanager | — | — |