Описание
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.2.7 (исключая)
cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00165
Низкий
3.7 Low
CVSS3
8.1 High
CVSS3
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 3.7
github
11 месяцев назад
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.
EPSS
Процентиль: 38%
0.00165
Низкий
3.7 Low
CVSS3
8.1 High
CVSS3
Дефекты
CWE-798