First published: Wed Sep 13 2023(Updated: )
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.
Credit: psirt@fortinet.com psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiTester | >=2.3.0<=7.2.3 |
Please upgrade to FortiTester version 7.3.0 or above
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2023-40717.
The severity of CVE-2023-40717 is high, with a severity value of 7.8.
The affected software for CVE-2023-40717 is FortiTester versions 2.3.0 through 7.2.3.
The CWE ID for this vulnerability is CWE-798.
An attacker can exploit CVE-2023-40717 by gaining shell access to the device and accessing the database using shell commands.