PT-2023-5206 · Fortinet · Fortitester
Published: 2023-08-21 · Updated: 2023-09-15
CVE-2023-40717
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiTester versions 2.3.0 through 7.2.3
Description
A use of hard-coded credentials issue in FortiTester may allow an attacker who has gained shell access to the device to access the database via shell commands. This could potentially lead to unauthorized access to protected information and the execution of arbitrary commands.
Recommendations
For FortiTester versions 2.3.0 through 7.2.3, consider disabling shell access to the device until a patch is available to prevent exploitation of the hard-coded credentials. Restrict access to the database to minimize the risk of unauthorized data access.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Fortitester