Lucene search

PRIOn knowledge basePRION:CVE-2023-42782

HistoryOct 10, 2023 - 5:15 p.m.

Authorization

2023-10-1017:15:00

PRIOn knowledge base

www.prio-n.com

authorization

vulnerability

fortianalyzer

remote attacker

syslog server

serial number

nvd

cwe-345

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

JSON

A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.

CPENameOperatorVersion
fortianalyzerge6.2.0
fortianalyzerle6.2.12
fortianalyzereq7.4.0
fortianalyzerge7.2.0
fortianalyzerle7.2.3
fortianalyzerge7.0.0
fortianalyzerle7.0.9
fortianalyzerge6.4.0
fortianalyzerle6.4.13

Name	Operator	Version
fortianalyzer	ge	6.2.0
fortianalyzer	le	6.2.12
fortianalyzer	eq	7.4.0
fortianalyzer	ge	7.2.0
fortianalyzer	le	7.2.3
fortianalyzer	ge	7.0.0
fortianalyzer	le	7.0.9
fortianalyzer	ge	6.4.0
fortianalyzer	le	6.4.13

References

fortiguard.com/psirt/FG-IR-23-221