PT-2023-1860 · Fortinet · FortiProxy, FortiOS
Published: 2023-03-07 · Updated: 2023-03-14
CVE-2022-41329
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiProxy versions 7.0.0 through 7.0.7
FortiProxy versions 7.2.0 through 7.2.1
FortiOS versions 7.0.0 through 7.0.9
FortiOS versions 7.2.0 through 7.2.3
Description
The vulnerability stems from insufficient protection of internal data in the administrative interface of FortiOS and FortiProxy. It allows an unauthenticated attacker to obtain sensitive logging information from the device via crafted HTTP GET requests.
Recommendations
For FortiProxy versions 7.0.0 through 7.0.7, update to a version outside of this range to mitigate the risk.
For FortiProxy versions 7.2.0 through 7.2.1, update to a version outside of this range to mitigate the risk.
For FortiOS versions 7.0.0 through 7.0.9, update to a version outside of this range to mitigate the risk.
For FortiOS versions 7.2.0 through 7.2.3, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to the administrative interface until a patch is available.
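To turn the affected ranges above into something an inventory can be checked against, here is an added example (not part of the advisory, and not Fortinet's or Positive Technologies' code). It assumes firmware versions are recorded as strings such as "7.0.5", "v7.0.5" or "7.0.5 build1234"; the sample inventory at the bottom is constructed. Only the ranges the advisory names are flagged; anything outside them (including older 6.x builds) is reported as not listed, not as safe.

```python
"""Check whether a FortiOS / FortiProxy build falls inside the version ranges
that PT-2023-1860 / CVE-2022-41329 lists as affected.

The ranges below are taken from the advisory. The accepted version-string
formats ("7.0.5", "v7.0.5", "7.0.5 build1234") are an assumption about how an
inventory export might label firmware.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive (first, last) affected ranges per product, from the advisory.
AFFECTED_RANGES = {
    "FortiProxy": [((7, 0, 0), (7, 0, 7)), ((7, 2, 0), (7, 2, 1))],
    "FortiOS": [((7, 0, 0), (7, 0, 9)), ((7, 2, 0), (7, 2, 3))],
}

# Leading "v" is optional; trailing build identifiers are ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) as integers, or None if the string is not a version.

    Integer tuples compare correctly; comparing the raw strings would sort
    "7.0.10" before "7.0.9" and misclassify the host.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str) -> Optional[bool]:
    """True if the version lies in an affected range, False if it does not,
    None if the version is unparseable or the product is not covered here."""
    ranges = AFFECTED_RANGES.get(product)
    v = parse_version(version)
    if ranges is None or v is None:
        return None
    return any(lo <= v <= hi for lo, hi in ranges)


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Given (hostname, product, version) tuples, return hosts inside an affected range."""
    return [host for host, product, version in inventory if is_affected(product, version)]


# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.9"),            # last affected 7.0.x build
    ("fw-edge-02", "FortiOS", "7.0.10"),           # outside the listed range
    ("fw-core-01", "FortiOS", "v7.2.4 build1396"), # outside the listed range
    ("proxy-01", "FortiProxy", "7.2.1"),           # last affected 7.2.x build
    ("proxy-02", "FortiProxy", "7.0.8"),           # outside the listed range
    ("proxy-03", "FortiProxy", "6.2.0"),           # not listed by the advisory
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: inside a CVE-2022-41329 affected range, update required")
```

Hosts whose product is not FortiOS or FortiProxy, or whose version string does not parse, come back as None rather than False so they surface as "unknown" in a report instead of silently passing.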
Vulnerability type: Information Disclosure
Affected Products
FortiOS
FortiProxy