PSIRT Advisory

FortiSIEM Database Hard-Coded Credentials

Summary

A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database using static credentials.

Impact

Information Disclosure

Affected Products

FortiSIEM 5.2.5 and below

Solutions

Upgrade to FortiSIEM 5.2.6 or above

Acknowledgement

Fortinet is pleased to thank "Independent security researcher Srour Ganoush", "CERT CYBERPROTECT" and "Chris Armstrong from CSCI, Inc" for reporting this vulnerability under responsible disclosure, as well as the FortiGuard team.