Critical Infrastructure Sectors: Energy
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 up to and including 7.2.4, 7.0.0 up to and including 7.0.8, FortiProxy version 7.2.0 up to and including 7.2.1 and 7.0.0 up to and including 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiproxy 7.2.0 |
||
fortinet fortios |
||
fortinet fortiproxy |
||
fortinet fortiproxy 7.2.1 |