Vulnerability Monitor


CVE-2022-41327


A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with read-only superadmin privileges to intercept traffic in order to obtain other administrators' cookies via diagnose CLI commands.


Published

2023-06-13T09:15:14.960

Last Modified

2024-11-21T07:23:03.590

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-319
  • Type: Primary
    CWE-319

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiproxy | ≤ 7.0.7 | Yes |
| Application | fortinet | fortiproxy | 7.2.0 | Yes |
| Application | fortinet | fortiproxy | 7.2.1 | Yes |
| Operating System | fortinet | fortios | ≤ 7.0.8 | Yes |
| Operating System | fortinet | fortios | ≤ 7.2.4 | Yes |
