CVE-2021-41023

CVE Database · CVE-2021-41023

CVE-2021-41023

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.21%

Published

Nov 2, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-522

Affected Products (2)

fortinet · fortisiemvulnerable

microsoft · windows

References (2)

https://fortiguard.com/advisory/FG-IR-21-175

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-21-175

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs