A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-18-232 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-200 |
14 Mar 2023, 19:27
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-noinfo | |
| References | (MISC) https://fortiguard.com/psirt/FG-IR-18-232 - Vendor Advisory | |
| First Time |
Fortinet fortimanager
Fortinet fortianalyzer Fortinet fortiportal Fortinet fortiswitch Fortinet |
|
| CPE | cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
07 Mar 2023, 17:55
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-07 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-27490
Mitre link : CVE-2022-27490
CVE.ORG link : CVE-2022-27490
JSON object : View
Products Affected
fortinet
- fortianalyzer
- fortiswitch
- fortiportal
- fortimanager
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor