PSIRT

FortiSIEM PostgreSQL hardcoded Credentials

Summary

A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database via the use of static credentials.

Affected Products

FortiSIEM 5.2.5 and below

Solutions

Upgrade to FortiSIEM 5.2.6 or above

Acknowledgement

Fortinet is pleased to thank "Independent security researcher Srour Ganoush", "CERT CYBERPROTECT" and "Chris Armstrong from CSCI, Inc" for reporting this vulnerability under responsible disclosure, as well as the FortiGuard team.

IR Number	FG-IR-19-195
Published Date	Jan 13, 2020
Severity	High
Discovered	External
Attack Type	Authenticated
Known Exploited	No
CVSSv3 Score	7.9
Impact	Information disclosure
CVE ID
Download	CVRF

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

PSIRT

FortiSIEM PostgreSQL hardcoded Credentials

Summary

Affected Products

Solutions

Acknowledgement

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

PSIRT

FortiSIEM PostgreSQL hardcoded Credentials

Summary

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center