FortiOS / FortiProxy - Unauthenticated access to static files containing logging information
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-364
Final
1
1
2023-03-07T00:00:00
Current version
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in the FortiOS and FortiProxy administrative interface may allow an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP or HTTPS GET requests.
None
Improper access control
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.3 and above
Please upgrade to FortiProxy version 7.2.3 or above
Please upgrade to FortiProxy version 7.0.9 or above
Please upgrade to FortiOS version 7.2.4 or above
Please upgrade to FortiOS version 7.0.10 or above
Please upgrade to FortiOS version 6.4.12 or above
Internally discovered and reported by Théo Leleu of the Fortinet Product Security team.
FortiOS 7.2.3
FortiOS 7.2.2
FortiOS 7.2.1
FortiOS 7.2.0
FortiOS 7.0.9
FortiOS 7.0.8
FortiOS 7.0.7
FortiOS 7.0.6
FortiOS 7.0.5
FortiOS 7.0.4
FortiOS 7.0.3
FortiOS 7.0.2
FortiOS 7.0.1
FortiOS 7.0.0
FortiOS 6.4.11
FortiOS 6.4.10
FortiOS 6.4.9
FortiOS 6.4.8
FortiOS 6.4.7
FortiOS 6.4.6
FortiOS 6.4.5
FortiOS 6.4.4
FortiOS 6.4.3
FortiOS 6.4.2
FortiOS 6.4.1
FortiOS 6.4.0
FortiOS 6.2.16
FortiOS 6.2.15
FortiOS 6.2.14
FortiOS 6.2.13
FortiOS 6.2.12
FortiOS 6.2.11
FortiOS 6.2.10
FortiOS 6.2.9
FortiOS 6.2.8
FortiOS 6.2.7
FortiOS 6.2.6
FortiOS 6.2.5
FortiOS 6.2.4
FortiOS 6.2.3
FortiProxy 7.2.2
FortiProxy 7.2.1
FortiProxy 7.2.0
FortiProxy 7.0.8
FortiProxy 7.0.7
FortiProxy 7.0.6
FortiProxy 7.0.5
FortiProxy 7.0.4
FortiProxy 7.0.3
FortiProxy 7.0.2
FortiProxy 7.0.1
FortiProxy 7.0.0
CVE-2022-41329
5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-22-364