CVE-2021-41023

Summary

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiSIEMWindowsAgentFortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References