Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-27490

A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.

Published

2023-03-07T17:15:11.793

Last Modified

2024-11-21T06:55:49.757

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-200
  • Type: Primary
    CWE-200
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application fortinet fortianalyzer ≤ 5.6.11 Yes
Application fortinet fortianalyzer ≤ 6.0.4 Yes
Application fortinet fortimanager ≤ 5.6.11 Yes
Application fortinet fortimanager ≤ 6.0.4 Yes
Application fortinet fortiportal ≤ 4.1.2 Yes
Application fortinet fortiportal ≤ 4.2.2 Yes
Application fortinet fortiportal ≤ 5.0.3 Yes
Application fortinet fortiportal ≤ 5.1.2 Yes
Application fortinet fortiportal ≤ 5.2.6 Yes
Application fortinet fortiportal ≤ 5.3.8 Yes
Application fortinet fortiportal ≤ 6.0.9 Yes
Operating System fortinet fortiswitch ≤ 6.0.7 Yes
Operating System fortinet fortiswitch ≤ 6.2.7 Yes
Operating System fortinet fortiswitch ≤ 6.4.10 Yes
Operating System fortinet fortiswitch ≤ 7.0.4 Yes
References