Sensitive Information Exposure in FortiSIEM: Unauthorized Access to Windows Agent Password via Log Search

Sensitive Information Exposure in FortiSIEM: Unauthorized Access to Windows Agent Password via Log Search

CVE-2023-41676 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs.

Learn more about our Web Application Penetration Testing UK.