CVE-2023-23776

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer

Published: Mar 7, 2023
Updated: Nov 8, 2023
CVE: CVE-2023-23776
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.1
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-312

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
fortinet / fortianalyzer	7.0.0	7.0.5
fortinet / fortianalyzer	7.2.0	7.2.2
fortinet / fortianalyzer	6.4.0	6.4.11

https://fortiguard.com/psirt/FG-IR-22-447

Vulnerability Database

290,206

CVE-2023-23776