PT-2023-3235 · Fortinet · Fortisiem

Publicado

2023-06-12

Atualizado

2023-06-17

CVE-2023-26204

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FortiSIEM versions 5.3 through 6.7

Description The issue is related to the storage of passwords in plaintext, which may allow an attacker with access to user database content to impersonate any admin user on the device GUI. This could potentially enable a remote attacker to gain unauthorized access to databases.

Recommendations For FortiSIEM versions 5.3 through 6.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-256CWE-522

Identificadores relacionados

BDU:2023-03356

CVE-2023-26204

Produtos afetados

Fortisiem

PT-2023-3235 · Fortinet · Fortisiem

CVE-2023-26204

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5