Description
A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
- Attack Vector
- local
- Complexity
- low
- Privileges
- high
- User Action
- required
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-316
Metadata
- Primary Vendor
- FORTINET
- Published
- 11/18/2025
- Last Modified
- 11/20/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
fortinet : fortipam
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.