CVE-2022-41327 - CERT CVE
ID CVE-2022-41327
Sažetak A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.
Reference
CVSS
Base: 4.4
Impact: 3.6
Exploitability:0.8
Pristup
VektorSloženostAutentikacija
LOCAL LOW -
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE NONE
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Zadnje važnije ažuriranje 07-11-2023 - 03:52
Objavljeno 13-06-2023 - 09:15