Rewterz Threat Advisory – Multiple Fortinet FortiNAC Vulnerabilities

June 13, 2023

Rewterz Threat Advisory – CVE-2023-33877 – Fortinet FortiClientWindows and FortiConverter Vulnerability

June 13, 2023

Rewterz Threat Advisory – Multiple Fortinet FortiSIEM Vulnerabilities

June 13, 2023

Severity

Medium

Analysis Summary

CVE-2023-42478 CVSS:8.1

Fortinet FortiSIEM could allow a remote attacker to obtain sensitive information, caused by improper restriction of excessive authentication attempts. By utilize brute force attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-26204 CVSS:3.7

Fortinet FortiSIEM could allow a remote attacker to obtain sensitive information, caused by the storage of user credentials in plain-text. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain password information, and use this information to launch further attacks against the affected system.

CVE-2022-43949 CVSS:7.5

Fortinet FortiSIEM could allow a remote attacker to obtain sensitive information, caused by the use of a broken or risky cryptographic algorithm. By utilize brute force attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Impact

Information Disclosure

Indicators Of Compromise

CVE

CVE-2023-42478
CVE-2023-26204
CVE-2022-43949

Affected Vendors

Fortinet

Affected Products

Fortinet FortiSIEM 5.3
Fortinet FortiSIEM 5.4
Fortinet FortiSIEM 6.1
Fortinet FortiSIEM 6.2
Fortinet FortiSIEM 6.3
Fortinet FortiSIEM 6.4
Fortinet FortiSIEM 6.5
Fortinet FortiSIEM 6.6
Fortinet FortiSIEM 6.7.0
Fortinet FortiSIEM 5.1
Fortinet FortiSIEM 5.2
Fortinet FortiSIEM 6.7.1

Remediation

Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.

CVE-2023-42478

CVE-2023-26204

CVE-2022-43949

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multiple IBM Products Vulnerabilities

All Users of Dropbox Digital Signature Service Impacted by Security Breach

FIN7 APT – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multiple IBM Products Vulnerabilities

All Users of Dropbox Digital Signature Service Impacted by Security Breach

FIN7 APT – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Multiple Fortinet FortiNAC Vulnerabilities

Rewterz Threat Advisory – CVE-2023-33877 – Fortinet FortiClientWindows and FortiConverter Vulnerability