FortiManager --- Password observed in cleartext in the config conflict file
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-165
Final
1
1
2022-03-01T00:00:00
Current version
2022-03-01T00:00:00
2022-03-01T00:00:00
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager may allow a low-privileged authenticated user to gain access to the FortiGate users' credentials via the config conflict file.
None
Information disclosure
FortiManager version 7.0.0 through 7.0.2
FortiManager version 6.4.0 through 6.4.7
FortiManager version 6.2.0 through 6.2.11
Please upgrade to FortiManager version 7.0.3 or above.
Please upgrade to FortiManager version 6.4.8 or above.
Fortinet is pleased to thank Aymen Idriss from Topnet for reporting this vulnerability under responsible disclosure.
FortiManager 7.0.2
FortiManager 7.0.1
FortiManager 7.0.0
FortiManager 6.4.7
FortiManager 6.4.6
FortiManager 6.4.5
FortiManager 6.4.4
FortiManager 6.4.3
FortiManager 6.4.2
FortiManager 6.4.1
FortiManager 6.4.0
FortiManager 6.2.11
FortiManager 6.2.10
FortiManager 6.2.9
FortiManager 6.2.8
FortiManager 6.2.7
FortiManager 6.2.6
FortiManager 6.2.5
FortiManager 6.2.4
FortiManager 6.2.3
FortiManager 6.2.2
FortiManager 6.2.1
FortiManager 6.2.0
CVE-2022-22303
FortiManager-7.0.2
FortiManager-7.0.1
FortiManager-7.0.0
FortiManager-6.4.7
FortiManager-6.4.6
FortiManager-6.4.5
FortiManager-6.4.4
FortiManager-6.4.3
FortiManager-6.4.2
FortiManager-6.4.1
FortiManager-6.4.0
FortiManager-6.2.11
FortiManager-6.2.10
FortiManager-6.2.9
FortiManager-6.2.8
FortiManager-6.2.7
FortiManager-6.2.6
FortiManager-6.2.5
FortiManager-6.2.4
FortiManager-6.2.3
FortiManager-6.2.2
FortiManager-6.2.1
FortiManager-6.2.0
2.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-21-165