CVE-2023-41676

4.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortisiem
Vendor: CVE Published:; 14 November 2023

Summary

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs.

Affected Version(s)

FortiSIEM 7.0.0

FortiSIEM 6.7.0 <= 6.7.5

References

https://fortiguard.com/psirt/FG-IR-23-290

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Aug 30, 2023