CVE-2021-41023: Insufficiently Protected Credentials in Fortinet FortiSIEM

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 84.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 2
Latest update: May 24

Description

An unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclose the agent password due to plaintext credential storage in log files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: fortinet/fortinet_fortisiemwindowsagent, FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0
NVD: fortinet/fortisiem, 3.1.0 - 4.1.4

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-5vqp-64mp-pg5r: An unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4
CVEList (2021-11-02): CVE-2021-41023: An unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4

📋 Vendor Advisories (1)

Fortinet (2021-11-02): An unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated...
CVE-2021-41023 — Insufficiently Protected Credentials | cvebase