FortiSIEM Database hard-coded Credentials
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-195
Final
1
1
2020-01-13T00:00:00
Current version
2020-01-13T00:00:00
2020-01-13T00:00:00
A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database via the use of static credentials.
Information Disclosure
FortiSIEM 5.2.5 and below
Upgrade to FortiSIEM 5.2.6 or above
Fortinet is pleased to thank "Independent security researcher Srour Ganoush", "CERT CYBERPROTECT" and "Chris Armstrong from CSCI, Inc" for reporting this vulnerability under responsible disclosure, as well as the FortiGuard team.
FortiSIEM 5.2.5
FortiSIEM 5.2.2
FortiSIEM 5.2.1
FortiSIEM 5.1.3
FortiSIEM 5.1.2
FortiSIEM 5.1.1
FortiSIEM 5.1.0
FortiSIEM 5.0.1
FortiSIEM 5.0.0
FortiSIEM 4.10.0
FortiSIEM 4.9.0
FortiSIEM 4.7.2
CVE-2019-16153
7.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-195