CVE-2022-41327 — Cleartext Transmission of Sensitive Info in Fortinet Fortios

CWE-319 — Cleartext Transmission of Sensitive Info4 documents4 sources

Severity

4.4MEDIUMNVD

CNA7.8

EPSS

0.0%

top 93.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedJun 13

Description

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5fortinet/fortios7.2.0 — 7.2.3+1

▶NVDfortinet/fortios7.0.0 — 7.0.8+1

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.1+1

▶NVDfortinet/fortiproxy7.0.0 — 7.0.7+2

🔴Vulnerability Details

GHSA

GHSA-vc46-cf3p-6rc7: A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7↗2023-06-13

▶

CVEList

CVE-2022-41327: A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7↗2023-06-13

▶

📋Vendor Advisories

Fortinet

Read Only administrator can intercept sensitive data↗2023-06-13

▶