CVE-2022-27490

CVE Database · CVE-2022-27490

CVE-2022-27490

· MEDIUMModified

CVSS v3.1

5.4

EPSS

0.47%

Published

Mar 7, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Weaknesses (CWE)

CWE-200CWE-200

Affected Products (15)

fortinet · fortianalyzervulnerable

fortinet · fortimanagervulnerable

fortinet · fortiportalvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-18-232

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-18-232

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs