Fortinet FortiSIEM up to 6.7.0 risky encryption

Summaryinfo

A vulnerability categorized as problematic has been discovered in Fortinet FortiSIEM up to 6.7.0. This affects an unknown function. Executing a manipulation can lead to risky encryption. This vulnerability is handled as CVE-2022-43949. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Fortinet FortiSIEM up to 6.7.0. It has been declared as problematic. This vulnerability affects an unknown functionality. The manipulation with an unknown input leads to a risky encryption vulnerability. The CWE definition for the vulnerability is CWE-327. The product uses a broken or risky cryptographic algorithm or protocol. As an impact it is known to affect confidentiality. CVE summarizes:

A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.

The weakness was released 06/13/2023 as FG-IR-22-259. The advisory is shared for download at fortiguard.com. This vulnerability was named CVE-2022-43949 since 10/27/2022. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1600.

Upgrading to version 6.7.1 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Fortinet

Name

• FortiSIEM

Version

• 6.0
• 6.1
• 6.2
• 6.3
• 6.4
• 6.5
• 6.6
• 6.7.0

License

• commercial

Website

• Vendor: https://www.fortinet.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion