CVE-2023-26207

Summary

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.2.0 <= 7.2.1affected
FortinetFortiProxy7.0.0 <= 7.0.10affected
FortinetFortiOS7.2.0 <= 7.2.5affected

Weaknesses

  • CWE-532: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References