CVE-2022-41327
7.8HIGHA cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through
Published: 6/13/2023Updated: 11/21/2024
Description
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.
AI AnalysisPowered by AI
Affected Products
fortinetfortiproxy
fortinetfortiproxy
7.2.0
fortinetfortiproxy
7.2.1
fortinetfortios
fortinetfortios
References
- https://fortiguard.com/psirt/FG-IR-22-380Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-22-380Vendor Advisory