CVE-2023-45585

Name of the Vulnerable Software and Affected Versions FortiSIEM versions 5.3.3 and below FortiSIEM versions 5.4.0 FortiSIEM versions 6.1.2 and below FortiSIEM versions 6.2.1 and below FortiSIEM versions 6.3.3 and below FortiSIEM versions 6.4.2 and below FortiSIEM versions 6.5.1 and below FortiSIEM versions 6.6.3 and below FortiSIEM versions 6.7.6 and below FortiSIEM version 7.0.0

Description The issue is related to the insertion of sensitive information into log files, which may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage. This is due to insufficient protection of registration data.

Recommendations For FortiSIEM versions 5.3.3 and below, consider disabling the ElasticSearch Event Storage feature until a patch is available. For FortiSIEM versions 5.4.0, restrict access to debug log files to minimize the risk of exploitation. For FortiSIEM versions 6.1.2 and below, avoid using the debug log files feature in conjunction with ElasticSearch Event Storage. For FortiSIEM versions 6.2.1 and below, limit access to the encrypted ElasticSearch password. For FortiSIEM versions 6.3.3 and below, consider implementing additional security measures to protect registration data. For FortiSIEM versions 6.4.2 and below, restrict access to the ElasticSearch Event Storage configuration. For FortiSIEM versions 6.5.1 and below, disable the debug log files feature when not necessary. For FortiSIEM versions 6.6.3 and below, limit access to the debug log files generated by FortiSIEM. For FortiSIEM versions 6.7.6 and below, consider implementing a secure logging mechanism. For FortiSIEM version 7.0.0, restrict access to the ElasticSearch password and consider disabling the ElasticSearch Event Storage feature until a patch is available.