Lucene search
K

153 matches found

OSV
OSV
added 2023/09/13 1:15 p.m.2 views

CVE-2023-36642

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

7.8CVSS5.9AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2023/09/13 1:15 p.m.2 views

CVE-2023-40717

A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

7.8CVSS5.8AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2023/09/13 1:15 p.m.27 views

CVE-2023-40717

A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

7.8CVSS5.9AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2023/09/13 1:15 p.m.4 views

CVE-2023-40715

A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...

5.5CVSS5.8AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2023/09/13 1:15 p.m.18 views

CVE-2023-40715

A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...

5.5CVSS5.4AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2023/09/13 1:15 p.m.39 views

CVE-2023-36642

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

7.8CVSS7AI score0.00197EPSS
Exploits0References1
Prion
Prion
added 2023/09/13 1:15 p.m.20 views

Command injection

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

4.3CVSS7.7AI score0.00197EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/09/13 1:15 p.m.19 views

Information disclosure

A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...

1.7CVSS5.4AI score0.00152EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/09/13 1:15 p.m.18 views

Hardcoded credentials

A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

4.3CVSS7.5AI score0.00191EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/13 12:29 p.m.22 views

CVE-2023-40715

A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...

5.5CVSS5.7AI score0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/13 12:29 p.m.11 views

CVE-2023-40715

A cleartext storage of sensitive information vulnerability CWE-312 in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device...

5.5CVSS6.6AI score0.00152EPSS
Exploits0References1
CVE
CVE
added 2023/09/13 12:29 p.m.40 views

CVE-2023-40715

FortiTester (versions 2.3.0–7.2.3) is affected by a cleartext storage of sensitive information (CWE-312). An attacker with access to the device’s database could retrieve plaintext passwords for external servers configured in the device. Root cause is storing sensitive data in plaintext. The conne...

5.5CVSS5.4AI score0.00152EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/13 12:29 p.m.15 views

CVE-2023-40717

A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

5.3CVSS6.9AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 2023/09/13 12:29 p.m.53 views

CVE-2023-40717

CVE-2023-40717 concerns FortiTester versions 2.3.0–7.2.3, where a hard-coded credentials flaw (CWE-798) could let an attacker who gains a shell on the device access the database via shell commands. The Red Hat and PTSecurity entries confirm the vulnerable platform and a local access path to reach...

7.8CVSS7.5AI score0.00191EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/13 12:29 p.m.25 views

CVE-2023-40717

A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

5.3CVSS7.8AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/13 12:29 p.m.11 views

CVE-2023-36642

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

6.7CVSS7.3AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2023/09/13 12:29 p.m.44 views

CVE-2023-36642

CVE-2023-36642 affects FortiTester management interface, with versions 3.0.0–7.2.3 vulnerable to an OS command injection due to improper neutralization of special elements (CWE-78). An authenticated attacker can execute unauthorized commands by crafting arguments to existing commands. The issue i...

7.8CVSS7.7AI score0.00197EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/09/13 12:0 a.m.5 views

FortiTester Operating System Command Injection Vulnerability

FortiTester is a Fortinet Professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester versions 3.0.0 through 7.2.3 that stems from an operating system command injection vulnerability in the management interface. An attacker could use this...

7.8CVSS7.8AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/13 12:0 a.m.3 views

PT-2023-25648 · Fortinet · Fortitester

Name of the Vulnerable Software and Affected Versions: FortiTester versions 3.0.0 through 7.2.3 Description: An improper neutralization of special elements used in an OS command vulnerability in the management interface may allow an authenticated attacker to execute unauthorized commands via...

7.8CVSS7.7AI score0.00197EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/09/13 12:0 a.m.4 views

FortiTester Security Vulnerabilities

FortiTester is a Fortinet Professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester versions 2.3.0 through 7.2.3, which stems from the presence of a sensitive information plaintext storage vulnerability that could allow an attacker with...

5.5CVSS6.4AI score0.00152EPSS
Exploits0References3
Rows per page
Query Builder