CVE-2023-40719 MEDIUM

CVE-2023-40719

Vendor Fortinet
Product FortiAnalyzer
Weakness CWE-798 · Hardcoded credentials
Published November 14, 2023
Last update August 30, 2024

CVSS base score

4.1/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X

What the vulnerability does

01Description

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.

Key dates

02Disclosure timeline

November 14, 2023 CVE published
August 30, 2024 Record updated