CVE-2023-40715
First published: Wed Sep 13 2023(Updated: )
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Fortitester | >=2.3.0<=7.2.3 |
Remedy
Please upgrade to FortiTester version 7.3.0 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-40715.
What is the title of this vulnerability?
The title of this vulnerability is 'A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3.'
What is the severity of CVE-2023-40715?
The severity of CVE-2023-40715 is medium, with a severity value of 5.5.
What is the impact of this vulnerability?
This vulnerability may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to update FortiTester to a version that is above 7.2.3.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/fortinet
- canonical/fortinet fortitester
- version/fortinet fortitester/2.3.0
- version/fortinet fortitester/7.2.3