CVE-2022-27490

CWE-200 — Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 39.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortimanager Fortinet Fortiportal +1 more

Timeline

PublishedMar 7

Description

A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages8 packages

▶CVEListV5fortinet/fortiportal6.0.0 — 6.0.9+6

▶CVEListV5fortinet/fortiswitch7.0.0 — 7.0.4+3

▶NVDfortinet/fortiportal4.1.0 — 4.1.2+6

▶NVDfortinet/fortiswitch6.0.0 — 6.0.7+3

▶CVEListV5fortinet/fortimanager6.0.0 — 6.0.4+1

🔴Vulnerability Details

GHSA

GHSA-ppvm-3r29-h3pv: A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6↗2023-03-07

▶

CVEList

CVE-2022-27490: A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6↗2023-03-07

▶

📋Vendor Advisories

Fortinet

A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, Forti...↗2023-03-07

▶