CVE-2023-26204 LOW

CVE-2023-26204

Vendor Fortinet
Product FortiSIEM
Weakness CWE-256
Published June 13, 2023
Last update October 22, 2024

CVSS base score

3.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C

What the vulnerability does

01Description

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI.

Key dates

02Disclosure timeline

June 13, 2023 CVE published
October 22, 2024 Record updated