Lucene search

[email protected]NVD:CVE-2022-22303

HistoryMar 02, 2022 - 10:15 a.m.

CVE-2022-22303

2022-03-0210:15:08

CWE-200

[email protected]

web.nvd.nist.gov

sensitive information

vulnerability

fortimanager

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.

Affected configurations

Nvd

Node

fortinetfortimanagerRange6.2.0–6.2.9

fortinetfortimanagerRange6.4.0–6.4.7

fortinetfortimanagerRange7.0.0–7.0.2

VendorProductVersionCPE
fortinetfortimanager*cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortimanager	*	cpe:2.3:a:fortinet:fortimanager::::::::

References

fortiguard.com/psirt/FG-IR-21-165

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2022-22303

cnvd1 fortinet1 cvelist1 prion1 cve1