Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
敏感数据的明文存储
Vulnerability Title
Fortinet多款产品 安全漏洞
Vulnerability Description
Fortinet FortiRecorder等都是美国飞塔(Fortinet)公司的产品。Fortinet FortiRecorder是一套基于Web的网络视频录像机管理系统。Fortinet FortiMail是一套电子邮件安全网关产品。Fortinet FortiVoice是一个统一通信和协作即服务。 Fortinet多款产品存在安全漏洞,该漏洞源于敏感信息明文存储,可能导致经过身份验证的恶意管理员通过CLI命令获取用户密钥。以下产品及版本受到影响:FortiMail 7.6.0至7.6.2版本、Fo
CVSS Information
N/A
Vulnerability Type
N/A