CVE-2022-27490
published 2023-03-07CVE-2022-27490: A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | 5.6.0 – 5.6.11 | — |
| fortinet | fortianalyzer | 6.0.0 – 6.0.4 | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | 5.6.0 – 5.6.11 | — |
| fortinet | fortimanager | 6.0.0 – 6.0.4 | — |
| fortinet | fortinet | — | — |
| fortinet | fortiportal | — | — |
| fortinet | fortiportal | 4.1.0 – 4.1.2 | — |
| fortinet | fortiportal | 4.2.0 – 4.2.2 | — |
| fortinet | fortiportal | 5.0.0 – 5.0.3 | — |
| fortinet | fortiportal | 5.1.0 – 5.1.2 | — |
| fortinet | fortiportal | 5.2.0 – 5.2.6 | — |
| fortinet | fortiportal | 5.3.0 – 5.3.8 | — |
| fortinet | fortiportal | 6.0.0 – 6.0.9 | — |
| fortinet | fortiswitch | — | — |
| fortinet | fortiswitch | 6.0.0 – 6.0.7 | — |
| fortinet | fortiswitch | 6.2.0 – 6.2.7 | — |
| fortinet | fortiswitch | 6.4.0 – 6.4.10 | — |
| fortinet | fortiswitch | 7.0.0 – 7.0.4 | — |