VYPR
Unrated severityNVD Advisory· Published Jun 13, 2023· Updated Oct 23, 2024

CVE-2022-41327

CVE-2022-41327

Description

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

Affected products

4
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    7.0.0 through 7.0.8, 7.2.0 through 7.2.1+ 1 more
    • (no CPE)range: 7.0.0 through 7.0.8, 7.2.0 through 7.2.1
    • (no CPE)range: 7.2.0
  • Fortinet/Fortiosllm-fuzzy2 versions
    7.0.0 through 7.0.8, 7.2.0 through 7.2.4+ 1 more
    • (no CPE)range: 7.0.0 through 7.0.8, 7.2.0 through 7.2.4
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.