FortiOS -- Inter-VDOM information leaking
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-036
Final
1
1
2022-08-02T00:00:00
Current version
2022-08-02T00:00:00
2022-08-02T00:00:00
An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.
None
Information disclosure
FortiOS version 7.0.0 through 7.0.5FortiOS version 6.4.0 through 6.4.8FortiOS 6.2 all versions
Please upgrade to FortiGate version 7.2.0 or above.Please upgrade to FortiGate version 7.0.6 or above.Please upgrade to FortiGate version 6.4.9 or above.
FortiOS 7.0.5
FortiOS 7.0.4
FortiOS 7.0.3
FortiOS 7.0.2
FortiOS 7.0.1
FortiOS 7.0.0
FortiOS 6.4.8
FortiOS 6.4.7
FortiOS 6.4.6
FortiOS 6.4.5
FortiOS 6.4.4
FortiOS 6.4.3
FortiOS 6.4.2
FortiOS 6.4.1
FortiOS 6.4.0
FortiOS 6.2.16
FortiOS 6.2.15
FortiOS 6.2.14
FortiOS 6.2.13
FortiOS 6.2.12
FortiOS 6.2.11
FortiOS 6.2.10
FortiOS 6.2.9
FortiOS 6.2.8
FortiOS 6.2.7
FortiOS 6.2.6
FortiOS 6.2.5
FortiOS 6.2.4
FortiOS 6.2.3
FortiOS 6.2.2
FortiOS 6.2.1
FortiOS 6.2.0
FortiOS -- Inter-VDOM information leaking
CVE-2022-23442
FortiOS-7.0.5
FortiOS-7.0.4
FortiOS-7.0.3
FortiOS-7.0.2
FortiOS-7.0.1
FortiOS-7.0.0
FortiOS-6.4.8
FortiOS-6.4.7
FortiOS-6.4.6
FortiOS-6.4.5
FortiOS-6.4.4
FortiOS-6.4.3
FortiOS-6.4.2
FortiOS-6.4.1
FortiOS-6.4.0
FortiOS-6.2.16
FortiOS-6.2.15
FortiOS-6.2.14
FortiOS-6.2.13
FortiOS-6.2.12
FortiOS-6.2.11
FortiOS-6.2.10
FortiOS-6.2.9
FortiOS-6.2.8
FortiOS-6.2.7
FortiOS-6.2.6
FortiOS-6.2.5
FortiOS-6.2.4
FortiOS-6.2.3
FortiOS-6.2.2
FortiOS-6.2.1
FortiOS-6.2.0
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-22-036
FortiOS -- Inter-VDOM information leaking
Reference>