CVE-2022-41327

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

Published: Jun 13, 2023
Updated: Jun 18, 2023
CVE: CVE-2022-41327
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	7.2.0	7.2.0.x
fortinet / fortios	7.0.0	7.0.8.x
fortinet / fortiproxy	7.0.0	7.0.7.x
fortinet / fortiproxy	7.2.1	7.2.1.x
fortinet / fortios	7.2.0	7.2.4.x

https://fortiguard.com/psirt/FG-IR-22-380

Vulnerability Database

289,784

CVE-2022-41327