{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-27490", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2022-03-21T16:03:48.576Z", "datePublished": "2023-03-07T16:04:57.843Z", "dateUpdated": "2024-10-22T20:48:18.405Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiManager", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.4", "status": "affected"}, {"versionType": "semver", "version": "5.6.0", "lessThanOrEqual": "5.6.11", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiAnalyzer", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.4", "status": "affected"}, {"versionType": "semver", "version": "5.6.0", "lessThanOrEqual": "5.6.11", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiPortal", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.9", "status": "affected"}, {"versionType": "semver", "version": "5.3.0", "lessThanOrEqual": "5.3.8", "status": "affected"}, {"versionType": "semver", "version": "5.2.0", "lessThanOrEqual": "5.2.6", "status": "affected"}, {"versionType": "semver", "version": "5.1.0", "lessThanOrEqual": "5.1.2", "status": "affected"}, {"versionType": "semver", "version": "5.0.0", "lessThanOrEqual": "5.0.3", "status": "affected"}, {"versionType": "semver", "version": "4.2.0", "lessThanOrEqual": "4.2.2", "status": "affected"}, {"versionType": "semver", "version": "4.1.0", "lessThanOrEqual": "4.1.2", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSwitch", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.4", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.10", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.7", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.7", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-03-07T16:04:57.843Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiManager\u00a0version 6.0.5\u00a0and above,\nUpgrade to FortiManager\u00a0version 6.2.0\u00a0and above.\nUpgrade to FortiAnalyzer version 6.0.5\u00a0and above,\nUpgrade to FortiAnalyzer version 6.2.0\u00a0and above.\nUpgrade to FortiPortal\u00a0version 6.0.10\u00a0and above.\nUpgrade to FortiSwitch version 6.4.11 and above,\nUpgrade to FortiSwitch version 7.0.5 and above."}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-18-232", "url": "https://fortiguard.com/psirt/FG-IR-18-232"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:57.808Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-18-232", "url": "https://fortiguard.com/psirt/FG-IR-18-232", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T20:18:24.164388Z", "id": "CVE-2022-27490", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:48:18.405Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-18-232", "name": "https://fortiguard.com/psirt/FG-IR-18-232", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:57.808Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-27490", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T20:18:24.164388Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:20:43.399Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Fortinet", "product": "FortiManager", "versions": [{"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.4"}, {"status": "affected", "version": "5.6.0", "versionType": "semver", "lessThanOrEqual": "5.6.11"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiAnalyzer", "versions": [{"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.4"}, {"status": "affected", "version": "5.6.0", "versionType": "semver", "lessThanOrEqual": "5.6.11"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiPortal", "versions": [{"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.9"}, {"status": "affected", "version": "5.3.0", "versionType": "semver", "lessThanOrEqual": "5.3.8"}, {"status": "affected", "version": "5.2.0", "versionType": "semver", "lessThanOrEqual": "5.2.6"}, {"status": "affected", "version": "5.1.0", "versionType": "semver", "lessThanOrEqual": "5.1.2"}, {"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.3"}, {"status": "affected", "version": "4.2.0", "versionType": "semver", "lessThanOrEqual": "4.2.2"}, {"status": "affected", "version": "4.1.0", "versionType": "semver", "lessThanOrEqual": "4.1.2"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiSwitch", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.4"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.10"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.7"}, {"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.7"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiManager\u00a0version 6.0.5\u00a0and above,\nUpgrade to FortiManager\u00a0version 6.2.0\u00a0and above.\nUpgrade to FortiAnalyzer version 6.0.5\u00a0and above,\nUpgrade to FortiAnalyzer version 6.2.0\u00a0and above.\nUpgrade to FortiPortal\u00a0version 6.0.10\u00a0and above.\nUpgrade to FortiSwitch version 6.4.11 and above,\nUpgrade to FortiSwitch version 7.0.5 and above."}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-18-232", "name": "https://fortiguard.com/psirt/FG-IR-18-232"}], "descriptions": [{"lang": "en", "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-03-07T16:04:57.843Z"}}}, "cveMetadata": {"cveId": "CVE-2022-27490", "state": "PUBLISHED", "dateUpdated": "2024-10-22T20:48:18.405Z", "dateReserved": "2022-03-21T16:03:48.576Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-03-07T16:04:57.843Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "F405CC91-9EDE-43F4-ACB3-5744F0FAB7BF", "versionEndIncluding": "5.6.11", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA8E8156-7599-413E-9F09-A4E92362E191", "versionEndIncluding": "6.0.4", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC5BB5B9-7C51-4840-9D25-DA41C0EF16C6", "versionEndIncluding": "5.6.11", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD13669B-47CA-41CA-8D0A-514AEFD68FF1", "versionEndIncluding": "6.0.4", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "38B071DD-7C34-4EDC-9D87-EE0C32DA8256", "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1E4F9F9-1BF0-4DA3-A5DE-D770BD40D324", "versionEndIncluding": "4.2.2", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AE4255A-A854-4A11-8860-A558E1D77F30", "versionEndIncluding": "5.0.3", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F09B0F2-D95C-478B-9AA2-CCE1D2D1E497", "versionEndIncluding": "5.1.2", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "51CAE1B0-E321-462F-B503-2C13AEF3DAAD", "versionEndIncluding": "5.2.6", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "44C143C2-D850-4768-94D0-55615D670A47", "versionEndIncluding": "5.3.8", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "8835F5DA-F19B-473E-AA9D-D6C7E8948A9E", "versionEndIncluding": "6.0.9", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "843F4434-651D-4A22-80C3-77397E059A98", "versionEndIncluding": "6.0.7", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "549EE910-DAC4-45B7-AE45-6B6A786CD2F5", "versionEndIncluding": "6.2.7", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EAE583E-5D26-4224-AB58-DC3E4A6EA505", "versionEndIncluding": "6.4.10", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "2681D458-EE55-478D-92D1-C6BB7BB3BAC4", "versionEndIncluding": "7.0.4", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands."}], "id": "CVE-2022-27490", "lastModified": "2024-11-21T06:55:49.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-07T17:15:11.793", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-18-232"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-18-232"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}