exploitDog

GHSA-vc46-cf3p-6rc7

Опубликовано: 13 июн. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

Ссылки

EPSS

Процентиль: 5%

0.00021

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-319

Связанные уязвимости

CVE-2022-41327

CVSS3: 7.8

nvd

больше 2 лет назад

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

BDU:2023-03357

CVSS3: 7.8

fstec

больше 2 лет назад

Уязвимость операционных систем FortiOS и прокси-сервера для защиты от интернет-атак FortiProxy, связанная с передачей данных в открытом виде, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 5%

0.00021

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-319