PT-2023-7380 · Fortinet · Fortianalyzer+1
Published: 2023-11-14 · Updated: 2023-11-21 · CVE-2023-40719
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Fortinet FortiAnalyzer and FortiManager versions 7.0.0 through 7.0.8
Fortinet FortiAnalyzer and FortiManager versions 7.2.0 through 7.2.3
Fortinet FortiAnalyzer and FortiManager version 7.4.0
Description
A use of hard-coded credentials vulnerability allows an attacker to access private testing data by means of static credentials. The static credentials are built into the software, and an attacker can use them to gain access to confidential information.
Recommendations
For Fortinet FortiAnalyzer and FortiManager versions 7.0.0 through 7.0.8, update to a version that does not use hard-coded credentials.
For Fortinet FortiAnalyzer and FortiManager versions 7.2.0 through 7.2.3, update to a version that does not use hard-coded credentials.
For Fortinet FortiAnalyzer and FortiManager version 7.4.0, update to a version that does not use hard-coded credentials.
As a temporary workaround, consider restricting access to the affected systems until a patch is available.
Fix
Using Hardcoded Credentials
Affected Products
FortiAnalyzer
FortiManager