CVE-2022-43954

4.1MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiportal
Vendor: CVE Published:; 16 February 2023

Summary

An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page.

Affected Version(s)

FortiPortal 7.0.0 <= 7.0.2

References

https://fortiguard.com/psirt/FG-IR-22-430

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Oct 27, 2022