CVE-2023-40719

2023-11-1419:15:30

CWE-798

[email protected]

web.nvd.nist.gov

cve-2023-40719

hard-coded credentials

fortinet

fortianalyzer

fortimanager

static credentials

security vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.

Affected configurations

Nvd

Node

fortinetfortianalyzerRange7.0.0–7.0.10

fortinetfortianalyzerRange7.2.0–7.2.3

fortinetfortianalyzerMatch7.4.0

fortinetfortimanagerRange7.0.0–7.0.10

fortinetfortimanagerRange7.2.0–7.2.3

fortinetfortimanagerMatch7.4.0

VendorProductVersionCPE
fortinetfortianalyzer*cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
fortinetfortianalyzer7.4.0cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
fortinetfortimanager*cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
fortinetfortimanager7.4.0cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortianalyzer	*	cpe:2.3:a:fortinet:fortianalyzer::::::::
fortinet	fortianalyzer	7.4.0	cpe:2.3:a:fortinet:fortianalyzer:7.4.0:::::::*
fortinet	fortimanager	*	cpe:2.3:a:fortinet:fortimanager::::::::
fortinet	fortimanager	7.4.0	cpe:2.3:a:fortinet:fortimanager:7.4.0:::::::*