PT-2019-4312 · Fortinet · Fortisiem

Publicado

2019-12-04

Atualizado

2021-07-21

CVE-2019-6700

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions FortiSIEM versions 5.2.2 and earlier

Description The issue is related to an information exposure in the external authentication profile form, potentially allowing an authenticated attacker to retrieve the external authentication password via the HTML source code. Additionally, there is a concern with the use of defective cryptographic algorithms, which could enable a remote attacker to gain unauthorized access to protected information.

Recommendations For FortiSIEM versions 5.2.2 and earlier, consider restricting access to the external authentication profile form until a fix is available. As a temporary workaround, restrict the use of defective cryptographic algorithms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Information Disclosure

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-200CWE-327

Identificadores relacionados

BDU:2020-00027

CVE-2019-6700

Produtos afetados

Fortisiem

PT-2019-4312 · Fortinet · Fortisiem

CVE-2019-6700

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5