CVE-2022-43949
Severity CVSS v4.0:
Pending analysis
Type:
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Publication date:
13/06/2023
Last modified:
07/11/2023
Description
A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:* | 5.3.0 (including) | 5.3.3 (including) |
| cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:* | 6.3.0 (including) | 6.3.3 (including) |
| cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:* | 6.6.0 (including) | 6.6.3 (including) |
| cpe:2.3:a:fortinet:fortisiem:5.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page