| IR Number | FG-IR-22-364 |
| Date | Mar 7, 2023 |
| Severity |
Medium |
| CVSSv3 Score | 5.2 |
| Impact | Improper access control |
| CVE ID | CVE-2022-41329 |
| Affected Products |
FortiProxy
:
7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0
FortiOS
:
7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.11, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.14, 6.2.13, 6.2.12, 6.2.11, 6.2.10
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiOS / FortiProxy - Unauthenticated access to static files containing logging information
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS and FortiProxy administrative interface may allow an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP or HTTPs GET requests.
Affected Products
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.3 and above
Solutions
Please upgrade to FortiProxy version 7.2.3 or above
Please upgrade to FortiProxy version 7.0.9 or above
Please upgrade to FortiOS version 7.2.4 or above
Please upgrade to FortiOS version 7.0.10 or above
Please upgrade to FortiOS version 6.4.12 or above