CVE-2023-41676: Infoleak
First published: Tue Nov 14 2023(Updated: )
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiSIEM | >=6.7.0<=6.7.5 | |
| Fortinet FortiSIEM | =7.0.0 |
Remedy
Please upgrade to FortiSIEM version 7.1.0 or above Please upgrade to FortiSIEM version 7.0.1 or above Please upgrade to FortiSIEM version 6.7.6 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-41676?
CVE-2023-41676 is a vulnerability in FortiSIEM version 7.0.0 and before 6.7.5 that exposes sensitive information to unauthorized actors.
How does CVE-2023-41676 impact FortiSIEM?
CVE-2023-41676 allows attackers with access to Windows agent logs to obtain the Windows agent password by searching through the logs.
What is the severity of CVE-2023-41676?
CVE-2023-41676 has a severity rating of medium (6.5).
Which software versions are affected by CVE-2023-41676?
FortiSIEM versions 7.0.0 and before 6.7.5 are affected by CVE-2023-41676.
How can the vulnerability in FortiSIEM be fixed?
To fix the vulnerability in FortiSIEM, it is recommended to upgrade to a version after 6.7.5 or version 7.0.0.
- collector/nvd-api
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortisiem
- version/fortinet fortisiem/6.7.0
- version/fortinet fortisiem/6.7.5
- version/fortinet fortisiem/7.0.0