Unrated severityNVD Advisory· Published Mar 2, 2022· Updated Oct 22, 2024
CVE-2022-22303
CVE-2022-22303
Description
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.
Affected products
2prior to 7.0.2, 6.4.7, 6.2.9+ 1 more
- (no CPE)range: prior to 7.0.2, 6.4.7, 6.2.9
- (no CPE)range: FortiManager 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Patches
Vulnerability mechanics
References
1- fortiguard.com/psirt/FG-IR-21-165mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.