Information disclosure through diagnose debug commands Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-232 Final 1 1 2023-03-07T00:00:00 Current version 2023-03-07T00:00:00 2023-03-07T00:00:00 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager, FortiAnalyzer, FortiPortal & FortiSwitch may allow an attacker which has obtained access to a restricted administrative account to obtain sensitive information via diagnose debug commands. None Information disclosure At leastFortiManager version 6.0.0 through 6.0.4At leastFortiAnalyzer version 6.0.0 through 6.0.4At leastFortiPortal 4.1 all versionsFortiPortal 4.2 all versionsFortiPortal 5.0 all versionsFortiPortal 5.1 all versionsFortiPortal 5.2 all versionsFortiPortal 5.3 all versionsFortiPortal version 6.0.0 through 6.0.9At leastFortiSwitch version 6.0.0 through 6.0.7FortiSwitch version 6.2.0 through 6.2.7FortiSwitch version 6.4.0 through 6.4.10FortiSwitch version 7.0.0 through 7.0.4 Upgrade to FortiManager version 6.0.5 and above,Upgrade to FortiManager version 6.2.0 and above.Upgrade to FortiAnalyzer version 6.0.5 and above,Upgrade to FortiAnalyzer version 6.2.0 and above.Upgrade to FortiPortal version 6.0.10 and above.Upgrade to FortiSwitch version 6.4.11 and above,Upgrade to FortiSwitch version 7.0.5 and above. CVE-2022-27490 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-18-232 Information disclosure through diagnose debug commands Reference>