PT-2023-1859 · Fortinet · Fortianalyzer+3

Published 2023-03-07 · Updated 2023-08-08 · CVE-2022-27490

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiManager versions 6.0.0 through 6.0.4
FortiAnalyzer versions 6.0.0 through 6.0.4
FortiPortal versions 4.1.x through 5.3.8
FortiPortal versions 5.0.x through 6.0.9
FortiSwitch versions 6.0.x through 7.0.4
FortiSwitch versions 6.2.x through 6.4.10
Description

The issue is an exposure of sensitive information to an unauthorized actor. An attacker who holds a restricted administrative account can obtain sensitive information by running diagnose debug commands, because the service data returned by those commands is not protected from lower-privileged administrators.
Recommendations

Update to a version that includes a fix for this issue:

FortiManager versions 6.0.0 through 6.0.4
FortiAnalyzer versions 6.0.0 through 6.0.4
FortiPortal versions 4.1.x through 5.3.8
FortiPortal versions 5.0.x through 6.0.9
FortiSwitch versions 6.0.x through 7.0.4
FortiSwitch versions 6.2.x through 6.4.10

As a temporary workaround, consider restricting access to diagnose debug commands until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-01458
CVE-2022-27490

Affected Products

Fortianalyzer
Fortimanager
Fortiportal
Fortiswitch