Remote Unauthenticated Message Injection Vulnerability in FortiAnalyzer

CVE-2023-42782 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knowledge of an authorized device serial number.