CVE-2023-40723

Severity
8.1 HIGH
EPSS
0.1%
top 65.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 11

Description

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM versions 6.7.0 through 6.7.4, 6.6.0 through 6.6.3, 6.5.0 through 6.5.1, 6.4.0 through 6.4.2, 6.3.0 through 6.3.3, 6.2.0 through 6.2.1, 6.1.0 through 6.1.2, 5.4.0, 5.3.0 through 5.3.3, 5.2.5 through 5.2.8, 5.2.1 through 5.2.2, and 5.1.0 through 5.1.3 allows an attacker to execute unauthorized code or commands via an API request.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

NVD | fortinet/fortisiem | 5.1.0 | 6.4.2 | +3
CVEListV5 | fortinet/fortisiem | 6.7.0 | 6.7.4 | +11

🔴 Vulnerability Details (2)

GHSA
GHSA-g4r3-8vqc-mhwc: An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6 (2025-03-11)
CVEList
CVE-2023-40723: An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6 (2025-03-11)

📋 Vendor Advisories (1)

Fortinet
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6... (2025-03-11)
CVE-2023-40723 (HIGH CVSS 8.1) | An exposure of sensitive informatio | cvebase.io