CVE-2022-23442: Fortiguard

An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.


**PSIRT Advisories**

FortiOS – Inter-VDOM information leaking

Summary

An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.

Affected Products

FortiOS version 7.0.0 through 7.0.5
FortiOS version 6.4.0 through 6.4.8
FortiOS version 6.2.0 through 6.2.11

Solutions

Please upgrade to FortiGate version 7.2.0 or above.
Please upgrade to FortiGate version 7.0.6 or above.
Please upgrade to FortiGate version 6.4.9 or above.
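
The following inventory check is an added example, not part of the Fortinet advisory. It compares version numbers numerically against the affected ranges listed above (a plain string comparison would sort 6.2.11 before 6.2.9). The hostnames, the `host,version` inventory format and the choice of the lowest listed fixed release as the upgrade target are assumptions made for illustration.

```python
import re

# Affected ranges and fixed releases exactly as listed in the advisory above.
AFFECTED = [((7, 0, 0), (7, 0, 5)), ((6, 4, 0), (6, 4, 8)), ((6, 2, 0), (6, 2, 11))]
FIXED = [(6, 4, 9), (7, 0, 6), (7, 2, 0)]

def parse_version(text):
    """Turn '6.2.11' or 'v6.2.11' into (6, 2, 11); raise ValueError otherwise."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version):
    """True when the version falls inside one of the advisory's ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def upgrade_target(version):
    """Lowest listed fixed release above an affected version, else None."""
    if not is_affected(version):
        return None
    v = parse_version(version)
    return ".".join(map(str, min(f for f in FIXED if f > v)))

def triage(inventory):
    """Return (host, version, affected, target) rows from 'host,version' lines."""
    rows = []
    for line in inventory.strip().splitlines():
        host, version = (field.strip() for field in line.split(","))
        try:
            rows.append((host, version, is_affected(version), upgrade_target(version)))
        except ValueError:
            rows.append((host, version, None, None))  # unparsable: review by hand
    return rows

# Constructed inventory (hypothetical hosts), including one malformed entry.
SAMPLE = """
fw-edge-01,6.2.11
fw-edge-02,6.2.12
fw-dc-01,v7.0.5
fw-dc-02,7.2.0
fw-lab-01,6.4.x
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Rows whose affected field is `None` could not be parsed and need manual review rather than being treated as unaffected.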
