CVE-2022-27490

A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-18-232	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiportal::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::
	cpe:2.3:o:fortinet:fortiswitch::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortiportal::::::::

Information

Published : 2023-03-07 17:15

Updated : 2023-08-08 14:21

NVD link : CVE-2022-27490

Mitre link : CVE-2022-27490

JSON object : View

Products Affected

fortinet

fortimanager
fortiportal
fortianalyzer
fortiswitch

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-18-232", "name": "https://fortiguard.com/psirt/FG-IR-18-232", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-27490", "ASSIGNER": "psirt@fortinet.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2023-03-07T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.1.2", "versionStartIncluding": "5.1.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.0.3", "versionStartIncluding": "5.0.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.1.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.2.2", "versionStartIncluding": "4.2.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.2.6", "versionStartIncluding": "5.2.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.6.11", "versionStartIncluding": "5.6.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.6.11", "versionStartIncluding": "5.6.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.7", "versionStartIncluding": "6.0.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.2.7", "versionStartIncluding": "6.2.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.3.8", "versionStartIncluding": "5.3.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.0.4", "versionStartIncluding": "7.0.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.4.10", "versionStartIncluding": "6.4.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.4", "versionStartIncluding": "6.0.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.4", "versionStartIncluding": "6.0.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.9", "versionStartIncluding": "6.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-08-08T14:21Z"}