Lucene search

FortinetCVE-2022-35842

HistoryNov 02, 2022 - 12:15 p.m.

CVE-2022-35842

2022-11-0212:15:53

CWE-200

fortinet

web.nvd.nist.gov

cve-2022-35842

cwe-200

fortios

ssl-vpn

vulnerability

unauthorized actor

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.

Affected configurations

Nvd

Node

fortinetfortiosRange6.4.0–6.4.9

fortinetfortiosRange7.0.0–7.0.6

fortinetfortiosMatch7.2.0

VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
fortinetfortios7.2.0cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::
fortinet	fortios	7.2.0	cpe:2.3:o:fortinet:fortios:7.2.0:::::::*

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "Fortinet FortiOS",
    "versions": [
      {
        "version": "FortiOS 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-223

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

Related for CVE-2022-35842