{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-27490","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2022-03-21T16:03:48.576Z","datePublished":"2023-03-07T16:04:57.843Z","dateUpdated":"2024-10-22T20:48:18.405Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.4","status":"affected"},{"versionType":"semver","version":"5.6.0","lessThanOrEqual":"5.6.11","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.4","status":"affected"},{"versionType":"semver","version":"5.6.0","lessThanOrEqual":"5.6.11","status":"affected"}]},{"vendor":"Fortinet","product":"FortiPortal","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.9","status":"affected"},{"versionType":"semver","version":"5.3.0","lessThanOrEqual":"5.3.8","status":"affected"},{"versionType":"semver","version":"5.2.0","lessThanOrEqual":"5.2.6","status":"affected"},{"versionType":"semver","version":"5.1.0","lessThanOrEqual":"5.1.2","status":"affected"},{"versionType":"semver","version":"5.0.0","lessThanOrEqual":"5.0.3","status":"affected"},{"versionType":"semver","version":"4.2.0","lessThanOrEqual":"4.2.2","status":"affected"},{"versionType":"semver","version":"4.1.0","lessThanOrEqual":"4.1.2","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSwitch","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.4","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.10","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.7","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.7","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-03-07T16:04:57.843Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-200","description":"Information disclosure","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiManager version 6.0.5 and above,\nUpgrade to FortiManager version 6.2.0 and above.\nUpgrade to FortiAnalyzer version 6.0.5 and above,\nUpgrade to FortiAnalyzer version 6.2.0 and above.\nUpgrade to FortiPortal version 6.0.10 and above.\nUpgrade to FortiSwitch version 6.4.11 and above,\nUpgrade to FortiSwitch version 7.0.5 and above."}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-18-232","url":"https://fortiguard.com/psirt/FG-IR-18-232"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T05:32:57.808Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-18-232","url":"https://fortiguard.com/psirt/FG-IR-18-232","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-22T20:18:24.164388Z","id":"CVE-2022-27490","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T20:48:18.405Z"}}]}}