vulnerability

Fortinet FortiOS: Cleartext Transmission of Sensitive Information (CVE-2022-41327)

Severity
4
CVSS
(AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published
Jun 13, 2023
Added
Jun 19, 2023
Modified
Jan 28, 2025

Description

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

Solution

fortios-upgrade-latest
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.