CVE-2023-26203

CWE-798Hard-coded Credentials4 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 83.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortinacFortinet Fortinac-f
Timeline
PublishedMay 3
Latest updateMay 4

Description

A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

NVDfortinet/fortinac9.4.09.4.3+1
CVEListV5fortinet/fortinac9.4.09.4.1+5

🔴Vulnerability Details

2
GHSA
GHSA-4pj9-45vq-jvvh: A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 72023-05-04
CVEList
CVE-2023-26203: A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 72023-05-03

📋Vendor Advisories

1
Fortinet
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9...2023-05-03
CVE-2023-26203 (HIGH CVSS 7.8) | A use of hard-coded credentials vul | cvebase.io