CVE-2022-43949Use of a Broken or Risky Cryptographic Algorithm in Fortinet Fortisiem

CWE-327Use of a Broken or Risky Cryptographic Algorithm4 documents4 sources
Severity
7.5HIGHNVD
CNA6.2
EPSS
0.2%
top 64.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisiem
Timeline
PublishedJun 13

Description

A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5fortinet/fortisiem6.7.06.7.1+8
NVDfortinet/fortisiem5.3.05.3.3+15

🔴Vulnerability Details

2
GHSA
GHSA-5f5g-x6wc-4gwv: A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 62023-06-13
CVEList
CVE-2022-43949: A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 62023-06-13

📋Vendor Advisories

1
Fortinet
A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthe...2023-06-13
CVE-2022-43949 — Fortinet Fortisiem vulnerability | cvebase