PT-2023-3236 · Fortinet · FortiOS, FortiProxy

Published 2023-06-12 · Updated 2023-06-17 · CVE-2022-41327

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiOS versions 7.0.0 through 7.0.8
FortiOS versions 7.2.0 through 7.2.4
FortiProxy versions 7.0.0 through 7.0.8
FortiProxy versions 7.2.0 through 7.2.1

Description

The vulnerability is a cleartext transmission of sensitive information (CWE-319). An authenticated attacker who holds a read-only super-admin profile can use diagnose CLI commands to intercept traffic on the device and recover other administrators' session cookies. Replaying a captured cookie gives the attacker that administrator's session, so an account that is only supposed to read configuration can be escalated to full administrative access. Exploitation requires an existing read-only super-admin login and another administrator's session traffic to be present on the device while the attacker is capturing it.

Recommendations

Update every affected branch to a version that fixes this vulnerability: FortiOS 7.0.0 through 7.0.8, FortiOS 7.2.0 through 7.2.4, FortiProxy 7.0.0 through 7.0.8, and FortiProxy 7.2.0 through 7.2.1. Until the update is applied, restrict which administrators are allowed to run diagnose CLI commands, and review the read-only super-admin accounts that exist, since each of them is a potential starting point for this attack.
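As an added example (not part of the advisory and not Fortinet code), the following Python script checks an inventory of FortiOS and FortiProxy builds against the affected version ranges listed above. The inventory and the `get system status`-style version line are constructed sample data, the function names are this example's own, and the ranges are assumed to be inclusive at both ends. A build outside every listed range is reported as "not listed", not as fixed, because the advisory names no fixed release. The script compares versions as integer tuples, which is the step that is easy to get wrong: a plain string comparison would rank "7.0.12" below "7.0.8" and silently clear a vulnerable device.

```python
"""Triage FortiOS / FortiProxy builds against the CVE-2022-41327 version ranges.

Added example: ranges copied from the advisory text above; everything else
(helper names, sample inventory, inclusive-range assumption) is this example's own.
"""
import re

# Affected ranges as stated on the page. Assumed inclusive on both ends.
AFFECTED_RANGES = {
    "FortiOS": [("7.0.0", "7.0.8"), ("7.2.0", "7.2.4")],
    "FortiProxy": [("7.0.0", "7.0.8"), ("7.2.0", "7.2.1")],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first major.minor.patch triple from a version string.

    Accepts bare '7.0.8', 'v7.0.8', and (assumed format) a
    'get system status' style line such as
    'Version: FortiGate-100F v7.0.5,build0304,220321 (GA)'.
    Returns a tuple of ints so that comparisons are numeric, not lexical.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no major.minor.patch version in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(product, version):
    """True if `version` of `product` falls inside any range from the advisory."""
    ranges = AFFECTED_RANGES.get(product)
    if ranges is None:
        raise ValueError(f"unknown product {product!r}; expected one of {list(AFFECTED_RANGES)}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def triage(inventory):
    """Return the (host, product, version) entries that are in an affected range.

    Anything not returned is merely 'not listed on the advisory'; it is not
    evidence that the build contains the fix.
    """
    return [entry for entry in inventory if is_affected(entry[1], entry[2])]


# Constructed sample inventory; hostnames and builds are invented for the example.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.5"),
    ("fw-edge-02", "FortiOS", "7.0.12"),   # string comparison would wrongly flag this
    ("fw-core-01", "FortiOS", "7.2.4"),    # last affected build in the 7.2 range
    ("proxy-01", "FortiProxy", "7.2.2"),   # one past the 7.2 range
    ("proxy-02", "FortiProxy", "Version: FortiProxy-VM v7.0.8,build0412,230101 (GA)"),
]


if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {parse_version(version)} is in an affected range")
```

Feed the script the output of `get system status` from each device (or an export from your asset inventory) and treat every returned host as needing either the update or the interim restriction on diagnose CLI access.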

Fix

Weakness Enumeration

CWE-319: Cleartext Transmission of Sensitive Information

Related Identifiers

BDU:2023-03357
CVE-2022-41327

Affected Products

FortiOS
FortiProxy