CVE-2023-40715

Summary

A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiTester7.2.0 <= 7.2.3affected
FortinetFortiTester7.1.0 <= 7.1.1affected
FortinetFortiTester7.0.0affected
FortinetFortiTester4.2.0 <= 4.2.1affected
FortinetFortiTester4.1.0 <= 4.1.1affected
FortinetFortiTester4.0.0affected
FortinetFortiTester3.9.0 <= 3.9.2affected
FortinetFortiTester3.8.0affected
FortinetFortiTester3.7.0 <= 3.7.1affected
FortinetFortiTester3.6.0affected
FortinetFortiTester3.5.0 <= 3.5.1affected
FortinetFortiTester3.4.0affected
FortinetFortiTester3.3.0 <= 3.3.1affected
FortinetFortiTester3.2.0affected
FortinetFortiTester3.1.0affected
FortinetFortiTester3.0.0affected
FortinetFortiTester2.9.0affected
FortinetFortiTester2.8.0affected
FortinetFortiTester2.7.0affected
FortinetFortiTester2.6.0affected
FortinetFortiTester2.5.0affected
FortinetFortiTester2.4.0 <= 2.4.1affected
FortinetFortiTester2.3.0affected

Weaknesses

  • CWE-312: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References