PT-2020-6656 · Fortinet · Fortisiem

Published

2020-01-13

Updated

2020-01-27

CVE-2019-16153

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Fortinet FortiSIEM version 5.2.5 and below

Description A hard-coded password vulnerability in the Fortinet FortiSIEM database component may allow attackers to access the device database via the use of static credentials. The vulnerability is related to the use of pre-installed credentials, which can be exploited by a remote attacker to gain access to the device database.

Recommendations For Fortinet FortiSIEM version 5.2.5 and below, consider changing the default database credentials to custom, strong passwords to mitigate the risk of exploitation. As a temporary workaround, restrict access to the database component to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

BDU:2022-03120

CVE-2019-16153

Affected Products

Fortisiem

PT-2020-6656 · Fortinet · Fortisiem

CVE-2019-16153

Weakness Enumeration

Related Identifiers

Affected Products

References · 4