CVE-2023-40717 MEDIUM

CVE-2023-40717

Vendor Fortinet
Product FortiTester
Weakness CWE-798 · Hardcoded credentials
Published September 13, 2023
Last update September 24, 2024

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C

What the vulnerability does

01Description

A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.

Key dates

02Disclosure timeline

September 13, 2023 CVE published
September 24, 2024 Record updated