CVE-2022-41329: Sensitive Information Exposure in Fortinet FortiOS

Severity
5.3 MEDIUM (NVD)
EPSS
0.8%
top 26.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 7

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP GET requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5 | fortinet/fortios | 7.2.0 | 7.2.3 | +3
NVD | fortinet/fortios | 6.2.3 | 6.2.13 | +3
CVEListV5 | fortinet/fortiproxy | 7.2.0 | 7.2.2 | +1
NVD | fortinet/fortiproxy | 7.0.0 | 7.0.8 | +1

🔴 Vulnerability Details (2)

GHSA
GHSA-wp7c-672v-6mfw: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7 (2023-03-07)
CVEList
CVE-2022-41329: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7 (2023-03-07)

📋 Vendor Advisories (1)

Fortinet
Unauthenticated access to static files containing logging information (2023-03-07)