A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with read-only superadmin privileges to intercept traffic in order to obtain other administrators' cookies via diagnose CLI commands.
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-380 |
History
Wed, 23 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-06-13T08:41:41.742Z
Updated: 2024-10-23T14:27:14.451Z
Reserved: 2022-09-23T15:07:35.780Z
Link: CVE-2022-41327
Vulnrichment
Updated: 2024-08-03T12:42:44.712Z
NVD
Status : Modified
Published: 2023-06-13T09:15:14.960
Modified: 2024-11-21T07:23:03.590
Link: CVE-2022-41327
Redhat
No data.