CVE-2023-26207

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jun 13, 2023

Updated: Nov 7, 2023

CWE ID 532

Summary

CVE-2023-26207 is a log file vulnerability affecting Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. This issue allows an attacker to insert sensitive information into log files, resulting in certain passwords being recorded in plain text. For FortiOS versions 7.2.0 to 7.2.1, the vulnerability also enables password reading. This security weakness poses a significant risk, emphasizing the importance of promptly updating affected systems to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fortinet FortiProxy
FortiOS

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rnkIvQ
https://www.cve.org/CVERecord?id=CVE-2023-26207
https://nvd.nist.gov/vuln/detail/CVE-2023-26207

Back to Vulnerability Database