CVE-2022-26119

CWE-798Hard-coded CredentialsCWE-287Improper Authentication4 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 87.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortisiemFortinet Fortinet Fortisiem
Timeline
PublishedNov 2

Description

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortisiem5.1.05.1.3+13
CVEListV5fortinet/fortinet_fortisiemFortiSIEM 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0

Patches

Patch: fortiguard.comPatch: fortiguard.com

🔴Vulnerability Details

2
CVEList
CVE-2022-26119: A improper authentication vulnerability in Fortinet FortiSIEM before 62022-11-02
GHSA
GHSA-9qf9-3f53-7x3q: A improper authentication vulnerability in Fortinet FortiSIEM before 62022-11-02

📋Vendor Advisories

1
Fortinet
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to pe...2022-11-02
CVE-2022-26119 (HIGH CVSS 7.8) | A improper authentication vulnerabi | cvebase.io