CVE-2023-40717

CWE-798Hard-coded Credentials4 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 77.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortitester
Timeline
PublishedSep 13

Description

A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5fortinet/fortitester7.2.07.2.3+22
NVDfortinet/fortitester2.3.07.2.3

🔴Vulnerability Details

2
CVEList
CVE-2023-40717: A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 22023-09-13
GHSA
GHSA-32xv-jxqg-mhrf: A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 22023-09-13

📋Vendor Advisories

1
Fortinet
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who man...2023-09-13
CVE-2023-40717 (HIGH CVSS 7.8) | A use of hard-coded credentials vul | cvebase.io