153 matches found
CVE-2023-36642
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
CVE-2023-40717
A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
CVE-2023-40717
A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
CVE-2023-40715
A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...
CVE-2023-40715
A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...
CVE-2023-36642
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
Command injection
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
Information disclosure
A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...
Hardcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
CVE-2023-40715
A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...
CVE-2023-40715
A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...
CVE-2023-40715
FortiTester (versions 2.3.0–7.2.3) is affected by a cleartext storage of sensitive information (CWE-312). An attacker with access to the device’s database could retrieve plaintext passwords for external servers configured in the device. Root cause is storing sensitive data in plaintext. The conne...
CVE-2023-40717
A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
CVE-2023-40717
CVE-2023-40717 concerns FortiTester versions 2.3.0–7.2.3, where a hard-coded credentials flaw (CWE-798) could let an attacker who gains a shell on the device access the database via shell commands. The Red Hat and PTSecurity entries confirm the vulnerable platform and a local access path to reach...
CVE-2023-40717
A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
CVE-2023-36642
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
CVE-2023-36642
CVE-2023-36642 affects FortiTester management interface, with versions 3.0.0–7.2.3 vulnerable to an OS command injection due to improper neutralization of special elements (CWE-78). An authenticated attacker can execute unauthorized commands by crafting arguments to existing commands. The issue i...
FortiTester Operating System Command Injection Vulnerability
FortiTester is a Fortinet Professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester versions 3.0.0 through 7.2.3 that stems from an operating system command injection vulnerability in the management interface. An attacker could use this...
PT-2023-25648 · Fortinet · Fortitester
Name of the Vulnerable Software and Affected Versions: FortiTester versions 3.0.0 through 7.2.3 Description: An improper neutralization of special elements used in an OS command vulnerability in the management interface may allow an authenticated attacker to execute unauthorized commands via...
FortiTester Security Vulnerabilities
FortiTester is a Fortinet Professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester versions 2.3.0 through 7.2.3, which stems from the presence of a sensitive information plaintext storage vulnerability that could allow an attacker with...