发布于3月6日3月6日 Members Fortinet FortiManager: Information Exposure (CVE-2022-27490) Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 03/07/2023 Created 03/17/2023 Added 03/17/2023 Modified 01/28/2025 Description A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. Solution(s) fortinet-fortimanager-upgrade-6_0_4 References https://attackerkb.com/topics/cve-2022-27490 CVE - 2022-27490 https://fortiguard.com/psirt/FG-IR-18-232
