CVE-2023-26207

Published: Jun 13, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text.

Affected (4)

Products: Fortinet: Fortios, Fortiproxy

Fortinet

2 products

Fortios

Fortiproxy

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 7.2.0 to 7.2.4
Fortinet Fortiproxy	From 7.0.0 to 7.0.10
Fortinet Fortiproxy	Version 7.2.0
Fortinet Fortiproxy	Version 7.2.1

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://fortiguard.com/psirt/FG-IR-22-455

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-455

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.