CVE-2022-41327

CVE Database · CVE-2022-41327

CVE-2022-41327

· HIGHModified

CVSS v3.1

7.8

EPSS

0.13%

Published

Jun 13, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-319CWE-319

Affected Products (5)

fortinet · fortiproxyvulnerable

fortinet · fortiosvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-22-380

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-380

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs