Cleartext Storage Vulnerability in FortiTester by Fortinet
CVE-2023-40715

5.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortitester
Vendor: CVE Published:; 13 September 2023

Summary

A cleartext storage of sensitive information vulnerability has been identified in FortiTester versions 2.3.0 through 7.2.3. This issue could allow an unauthorized attacker, with access to the database contents, to compromise system integrity by retrieving plaintext passwords of external servers that have been configured within the FortiTester device. Proper measures should be taken to secure sensitive data storage to prevent such risks.

Affected Version(s)

FortiTester 7.2.0 <= 7.2.3

FortiTester 7.1.0 <= 7.1.1

FortiTester 7.0.0

References

https://fortiguard.com/psirt/FG-IR-22-465

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2023
Vulnerability Reserved
Aug 21, 2023