Lucene search

[email protected]NVD:CVE-2023-23776

HistoryMar 07, 2023 - 5:15 p.m.

CVE-2023-23776

2023-03-0717:15:12

CWE-200

CWE-312

[email protected]

web.nvd.nist.gov

cwe-200

vulnerability

fortianalyzer

remote authenticated attacker

plaintext password

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer

Affected configurations

Nvd

Node

fortinetfortianalyzerRange6.4.0–6.4.11

fortinetfortianalyzerRange7.0.0–7.0.5

fortinetfortianalyzerRange7.2.0–7.2.2

VendorProductVersionCPE
fortinetfortianalyzer*cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortianalyzer	*	cpe:2.3:a:fortinet:fortianalyzer::::::::

References

fortiguard.com/psirt/FG-IR-22-447

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

Related for NVD:CVE-2023-23776

cve1 prion1 cvelist1 fortinet1