CVE-2022-22303 LOW

Vendor Fortinet
Product Fortinet FortiManager
Published March 2, 2022
Last update October 22, 2024

CVSS base score

2.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:X

What the vulnerability does

01 Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low-privileged authenticated user to gain access to FortiGate users' credentials via the config conflict file.

Key dates

02 Disclosure timeline

March 2, 2022 CVE published
October 22, 2024 Record updated