
Rewterz Threat Advisory – Multiple Fortinet FortiTester Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-40715 CVSS:5.5

Fortinet FortiTester could allow a local authenticated attacker to obtain sensitive information, caused by cleartext storage of sensitive information. An attacker could exploit this vulnerability to obtain the plaintext password of external servers configured in the device and use this information to launch further attacks against the affected system.

CVE-2023-40717 CVSS:5.3

Fortinet FortiTester could allow a local authenticated attacker to obtain sensitive information, caused by use of hard-coded credentials. By using specially crafted shell commands, an attacker could exploit this vulnerability to access the database, obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-36642 CVSS:6.7

Fortinet FortiTester could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper neutralization of user-supplied input by the management interface. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Impact

  • Information Disclosure
  • Command Execution

Indicators Of Compromise

CVE

  • CVE-2023-40715
  • CVE-2023-40717
  • CVE-2023-36642

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiTester 7.2
  • Fortinet FortiTester 7.1
  • Fortinet FortiTester 7.0
  • Fortinet FortiTester 4.2.0

Remediation

Refer to the FortiGuard Advisory for patch, upgrade, or suggested workaround information.

FortiGuard Advisory