CVE-2023-40719
First published: Tue Nov 14 2023(Updated: )
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiAnalyzer | >=7.0.0<=7.0.10 | |
| Fortinet FortiAnalyzer | >=7.2.0<=7.2.3 | |
| Fortinet FortiAnalyzer | =7.4.0 | |
| Fortinet FortiManager | >=7.0.0<=7.0.10 | |
| Fortinet FortiManager | >=7.2.0<=7.2.3 | |
| Fortinet FortiManager | =7.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-40719?
CVE-2023-40719 is a use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0.
How can an attacker exploit CVE-2023-40719?
An attacker can exploit CVE-2023-40719 by using static credentials to access Fortinet private testing data.
What is the severity of CVE-2023-40719?
CVE-2023-40719 has a severity rating of 5.5 (medium).
What versions of Fortinet FortiAnalyzer and FortiManager are affected by CVE-2023-40719?
CVE-2023-40719 affects Fortinet FortiAnalyzer versions 7.0.0 - 7.0.8, 7.2.0 - 7.2.3, and 7.4.0, as well as Fortinet FortiManager versions 7.0.0 - 7.0.8, 7.2.0 - 7.2.3, and 7.4.0.
Is there a fix available for CVE-2023-40719?
Yes, Fortinet has released patches to address the hard-coded credentials vulnerability in FortiAnalyzer and FortiManager. It is recommended to update to the latest available version.
- collector/mitre-cve
- collector/nvd-api
- vendor/fortinet
- product/fortianalyzer
- canonical/fortinet fortianalyzer
- product/fortimanager
- canonical/fortinet fortimanager