CVE-2022-35842

Published: Nov 2, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.

Affected (3)

Products: Fortinet: Fortios

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 6.4.0 to 6.4.9
Fortinet Fortios	From 7.0.0 to 7.0.6
Fortinet Fortios	Version 7.2.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://fortiguard.com/psirt/FG-IR-22-223

Source: psirt@fortinet.com

PatchVendor Advisory

https://fortiguard.com/psirt/FG-IR-22-223

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.