CVE-2023-26204

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-21-141	Vendor Advisory
https://fortiguard.com/psirt/FG-IR-21-141	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem:5.4.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.1.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.1.1:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.1.2:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.2.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.2.1:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.4.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.4.1:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.4.2:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.5.0:::::::*
	cpe:2.3:a:fortinet:fortisiem:6.5.1:::::::*

History

No history.

Information

Published : 2023-06-13 09:15

Updated : 2024-11-21 07:50

NVD link : CVE-2023-26204

Mitre link : CVE-2023-26204

CVE.ORG link : CVE-2023-26204

JSON object : View

Products Affected

fortinet

fortisiem

CWE

CWE-256

Plaintext Storage of a Password

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2023-26204", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-06-13T09:15:16.417", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-21-141", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/psirt/FG-IR-21-141", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-256"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow\u00a0an attacker able to access user DB content to impersonate any admin user on the device GUI."}], "lastModified": "2024-11-21T07:50:54.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0258A88-352D-4F9A-894D-F7442CAFE461", "versionEndIncluding": "5.3.3", "versionStartIncluding": "5.3.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9FC4C46-F269-4635-80BE-BED292538FEF", "versionEndIncluding": "6.3.3", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB301503-0ECB-4D21-B341-ACF0F302CF85", "versionEndIncluding": "6.6.3", "versionStartIncluding": "6.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20FD2D69-73DD-4EA4-ADE6-EB4BCFED7AC7", "versionEndIncluding": "6.7.5", "versionStartIncluding": "6.7.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91E43A1B-D4C5-4FFF-9D3E-00140023921E"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F52E2B2-A3B1-493F-B092-77A2A44E855A"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B16CB79-AC63-41EA-AE9A-D6030449ACD3"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "912BA146-D840-4855-8C47-AC3D5E6D0C4C"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51452B16-AB83-41D3-8779-3E1AEA818AD1"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F453DE5-E31D-4BD1-8978-DD6D166045E0"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C48AC74D-9FBE-4194-9BE8-FD2D6A0EC788"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFFA27A5-0168-4261-9A04-D2DBB0A9946D"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2035DFA0-FF3A-4BBF-ABFE-0E310A7C668B"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A391C353-BD26-4262-B86F-E3FBF8915DCA"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDD5BE55-0990-4646-ADA7-9A30981D4DF2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}