CVE-2022-43949 MEDIUM

Vendor Fortinet
Product FortiSIEM
Weakness CWE-327 · Broken crypto
Published June 13, 2023
Last update October 22, 2024

CVSS base score

5.9/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C

What the vulnerability does

01 Description

A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.

Key dates

02 Disclosure timeline

June 13, 2023 CVE published
October 22, 2024 Record updated