CVE-2022-22303

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
02/03/2022
Last modified:
10/03/2022

Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* 6.2.0 (including) 6.2.9 (including)
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* 6.4.0 (including) 6.4.7 (including)
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* 7.0.0 (including) 7.0.2 (including)


References to Advisories, Solutions, and Tools