Sensitive Information Exposure in Fortinet FortiSIEM Products
CVE-2023-40723

7.7HIGH

Key Information:

Vendor: Fortinet
Status: Fortisiem
Vendor: CVE Published:; 11 March 2025

Summary

A vulnerability in Fortinet FortiSIEM has been identified that allows an unauthorized actor to exploit sensitive information exposure through API requests. This issue spans several versions of FortiSIEM, enabling attackers to potentially execute unauthorized code or commands, leading to significant security risks for organizations relying on these systems.

Affected Version(s)

FortiSIEM 6.7.0 <= 6.7.4

FortiSIEM 6.6.0 <= 6.6.3

FortiSIEM 6.5.0 <= 6.5.1

References

https://fortiguard.com/psirt/FG-IR-23-117

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Aug 21, 2023