CVE-2023-26204

Severity
9.8 CRITICAL
EPSS
0.3%
top 49.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jun 13

Description

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | fortinet/fortisiem | 6.5.0 | 6.5.1 | +8
NVD | fortinet/fortisiem | 5.3.0 | 5.3.3 | +14

🔴 Vulnerability Details (2)

GHSA
GHSA-v8v4-f4rj-qhhf: A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6 | 2023-06-13
CVEList
CVE-2023-26204: A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6 | 2023-06-13

📋 Vendor Advisories (1)

Fortinet
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versi... | 2023-06-13
CVE-2023-26204 (CRITICAL CVSS 9.8) | A plaintext storage of a password v | cvebase.io