| IR Number | FG-IR-19-195 |
| Date | Jan 13, 2020 |
| Severity |
Medium |
| Impact | Information Disclosure |
| CVE ID | CVE-2019-16153 |
| Affected Products |
FortiSIEM
:
5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0, 4.9.0, 4.7.2, 4.10.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiSIEM Database hard-coded Credentials
Summary
A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database via the use of static credentials.
Affected Products
FortiSIEM 5.2.5 and below
Solutions
Upgrade to FortiSIEM 5.2.6 or above
Acknowledgement
Fortinet is pleased to thank "Independent security researcher Srour Ganoush", "CERT CYBERPROTECT" and "Chris Armstrong from CSCI, Inc" for reporting this vulnerability under responsible disclosure, as well as the FortiGuard team.