CVE-2023-41676

Summary

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSIEM7.0.0affected
FortinetFortiSIEM6.7.0 <= 6.7.5affected

Weaknesses

  • CWE-200: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References