Lucene search

FortinetCVELIST:CVE-2022-35842

HistoryNov 02, 2022 - 12:00 a.m.

CVE-2022-35842

2022-11-0200:00:00

fortinet

www.cve.org

cve-2022-35842

sensitive information exposure

fortios

ssl-vpn

remote attacker

ldap

saml

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

57.6%

JSON

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "Fortinet FortiOS",
    "versions": [
      {
        "version": "FortiOS 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-223

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

57.6%

JSON

Related for CVELIST:CVE-2022-35842