What is CVE-2023-40717?

CVE-2023-40717 is a medium-severity vulnerability in Fortinet Fortitester, classified under Use of Hard-coded Credentials. CVSS score: 5.0/10. Published 2023-09-13.

How severe is CVE-2023-40717?

Medium severity. CVSS v3 base score is 5.0 out of 10.

Vulnerability in Fortinet Fortitester

CVE-2023-40717

A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.

EPSS: 0.001 (22.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C.

Affected products

Fortinet Fortitester — versions 7.2.0, 7.1.0, 7.0.0

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

https://fortiguard.com/psirt/FG-IR-22-245

Frequently asked questions

What is CVE-2023-40717?: CVE-2023-40717 is a medium-severity vulnerability in Fortinet Fortitester, classified under Use of Hard-coded Credentials. CVSS score: 5.0/10. Published 2023-09-13.
How severe is CVE-2023-40717?: Medium severity. CVSS v3 base score is 5.0 out of 10.