PT-2023-3238 · Fortinet · FortiProxy, FortiOS

Published: 2023-06-12 · Updated: 2024-10-22 · CVE-2023-26207

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 7.2.0 through 7.2.4
FortiProxy versions 7.0.0 through 7.0.10

Description

The issue is related to the insertion of sensitive information into log files, which may allow an attacker to read certain passwords in plain text or ciphertext. This is due to insufficient protection of registration data. The vulnerability can be exploited by a remote authenticated attacker, potentially leading to the disclosure of confidential information.

Recommendations

For Fortinet FortiOS versions 7.2.0 through 7.2.4, update to a version outside of this range to resolve the issue. For FortiProxy versions 7.0.0 through 7.0.10, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2023-03359
CVE-2023-26207

Affected Products

FortiOS
FortiProxy