CWE-319: Cleartext Transmission of Sensitive Information Vulnerability in Fortinet FortiOS and FortiProxy

CWE-319: Cleartext Transmission of Sensitive Information Vulnerability in Fortinet FortiOS and FortiProxy

CVE-2022-41327 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

Learn more about our Cis Benchmark Audit For Apple Ios.