First published: Wed Mar 02 2022
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low-privileged authenticated user to gain access to FortiGate users' credentials via the config conflict file.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiManager | >=6.2.0<=6.2.9 | |
Fortinet FortiManager | >=6.4.0<=6.4.7 | |
Fortinet FortiManager | >=7.0.0<=7.0.2 | |
CVE-2022-22303 refers to an exposure of sensitive system information to an unauthorized control sphere vulnerability in FortiManager versions prior to 7.0.2, 6.4.7, and 6.2.9.
CVE-2022-22303 may allow a low-privileged authenticated user to gain access to FortiGate users' credentials via the config conflict file.
CVE-2022-22303 has a severity rating of 5.5, which is considered medium.
FortiManager versions prior to 7.0.2, 6.4.7, and 6.2.9 are affected by CVE-2022-22303.
You can find more information about CVE-2022-22303 at the following reference link: [FortiGuard Advisory FG-IR-21-165](https://fortiguard.com/psirt/FG-IR-21-165).