Lucene search
HistorySep 13, 2023 - 1:15 p.m.
CVE-2023-40717
cve-2023-40717
fortitester
hard-coded credentials
shell access
database
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
5.9
Confidence
High
EPSS
0
Percentile
9.0%
A use of hard-coded credentials vulnerability [CWE-798] inΒ FortiTesterΒ 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.
Affected configurations
Node
fortinetfortitesterRange2.3.0β7.2.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fortinet | fortitester | * | cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:* |
References
Related
prion
prion
Hardcoded credentials
2023-09-13 13:15:00
cvelist
cvelist
CVE-2023-40717
2023-09-13 12:29:45
cve
cve
CVE-2023-40717
2023-09-13 13:15:09
vulnrichment
vulnrichment
CVE-2023-40717
2023-09-13 12:29:45
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
5.9
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2023-40717