CVE-2023-40723

Summary

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSIEM6.7.0 <= 6.7.4affected
FortinetFortiSIEM6.6.0 <= 6.6.3affected
FortinetFortiSIEM6.5.0 <= 6.5.1affected
FortinetFortiSIEM6.4.0 <= 6.4.2affected
FortinetFortiSIEM6.3.0 <= 6.3.3affected
FortinetFortiSIEM6.2.0 <= 6.2.1affected
FortinetFortiSIEM6.1.0 <= 6.1.2affected
FortinetFortiSIEM5.4.0affected
FortinetFortiSIEM5.3.0 <= 5.3.3affected
FortinetFortiSIEM5.2.5 <= 5.2.8affected
FortinetFortiSIEM5.2.1 <= 5.2.2affected
FortinetFortiSIEM5.1.0 <= 5.1.3affected

Weaknesses

  • CWE-200: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References