CVE-2023-26207 — Log File Information Exposure in Fortinet Fortios

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

6.5MEDIUMNVD

CNA3.3

EPSS

0.3%

top 51.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedJun 13

Description

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5fortinet/fortios7.2.0 — 7.2.5

▶NVDfortinet/fortios7.2.0 — 7.2.4

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.1+1

▶NVDfortinet/fortiproxy7.0.0 — 7.0.10+2

🔴Vulnerability Details

GHSA

GHSA-6h43-h44j-jrm6: An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7↗2023-06-13

▶

CVEList

CVE-2023-26207: An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7↗2023-06-13

▶

📋Vendor Advisories

Fortinet

SMTP password ciphertext exposure in Log↗2023-06-13

▶