CVE-2023-42782: Fortiguard

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and versions 7.2.3 and below allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer through knowledge of an authorized device serial number.

PSIRT Advisories

FortiAnalyzer - Syslog not protected by an extra layer of authentication

Summary

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer may allow a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer through knowledge of an authorized device serial number.

Affected Products

FortiAnalyzer version 7.4.0
FortiAnalyzer version 7.2.0 through 7.2.3
FortiAnalyzer 7.0 all versions
FortiAnalyzer 6.4 all versions
FortiAnalyzer 6.2 all versions

Solutions

Please upgrade to FortiAnalyzer version 7.4.1 or above
Please upgrade to FortiAnalyzer version 7.2.4 or above

AND

Configure the “un-encrypted-logging” option to disable receiving syslog without encryption over UDP/514 or TCP/514:

config system log setting
    set un-encrypted-logging disable
end
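The advisory requires both steps: the upgrade and the configuration change. The following audit helper, added here as an example and not Fortinet's own code, checks a FortiAnalyzer build against the affected ranges listed above and parses the log setting out of CLI output. The version ranges and fix releases are taken from the advisory; the layout of the `show system log setting` output it parses, and the sample output itself, are assumptions constructed for the example.

```python
"""Audit helper for the FortiAnalyzer advisory on CVE-2023-42782.

Example code, not Fortinet's. Affected ranges and fix versions are taken
from the advisory; the `show system log setting` output format is an
assumption. Two questions are answered: does a given build fall in an
affected range, and is unencrypted syslog (UDP/514, TCP/514) still accepted?
"""
import re
from typing import List, Optional, Tuple

# Branches the advisory lists as affected in every release.
FULLY_AFFECTED_BRANCHES = {(7, 0), (6, 4), (6, 2)}
# Branches with a fixed release: 7.4.1 and 7.2.4 contain the fix.
FIXED_IN = {(7, 4): 1, (7, 2): 4}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn 'major.minor.patch' into a comparable tuple; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiAnalyzer version: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess_version(version: str) -> Tuple[Optional[bool], str]:
    """Classify a build against the advisory.

    Returns (affected, advice). affected is True/False for branches the
    advisory covers and None for branches it does not mention, because
    absence from the advisory is not evidence that a branch is safe.
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_IN:
        fix_patch = FIXED_IN[branch]
        if patch < fix_patch:
            return True, f"upgrade to {major}.{minor}.{fix_patch} or above"
        return False, f"contains the fix ({major}.{minor}.{fix_patch} or above)"
    if branch in FULLY_AFFECTED_BRANCHES:
        return True, "all releases of this branch are affected; migrate to 7.2.4 or 7.4.1 or above"
    return None, "branch not covered by the advisory; check Fortinet PSIRT"


# One `set` line inside `config system log setting`; the CLI uses the
# literal keywords enable/disable.
_UNENCRYPTED_RE = re.compile(
    r"^\s*set\s+un-encrypted-logging\s+(enable|disable)\b", re.MULTILINE
)


def unencrypted_logging_state(cli_output: str) -> Optional[str]:
    """Return 'enable' or 'disable' from a `show system log setting` dump,
    or None when the line is absent (treat None as 'verify on the device',
    not as disabled)."""
    match = _UNENCRYPTED_RE.search(cli_output)
    return match.group(1) if match else None


def audit(version: str, cli_output: str) -> List[str]:
    """Combine both checks: the advisory requires the upgrade AND the setting."""
    findings: List[str] = []
    affected, advice = assess_version(version)
    if affected:
        findings.append(f"FortiAnalyzer {version} is affected: {advice}")
    elif affected is None:
        findings.append(f"FortiAnalyzer {version}: {advice}")
    state = unencrypted_logging_state(cli_output)
    if state == "enable":
        findings.append("un-encrypted-logging is enabled: syslog over UDP/514 and TCP/514 "
                        "is accepted without encryption; set un-encrypted-logging disable")
    elif state is None:
        findings.append("un-encrypted-logging not found in CLI output; confirm it on the device")
    return findings


# Constructed sample output for the example (not captured from a real device).
SAMPLE_SHOW_OUTPUT = """\
config system log setting
    set un-encrypted-logging enable
end
"""

if __name__ == "__main__":
    # Example run: an affected 7.2 build that still accepts unencrypted syslog.
    for finding in audit("7.2.3", SAMPLE_SHOW_OUTPUT):
        print(finding)
```

A build that has been upgraded but still has `un-encrypted-logging enable` produces a finding for the setting only; a missing line is reported rather than assumed safe, since the example cannot tell a default apart from an omission in the dump.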

Acknowledgement

Internally discovered and reported by Francesco Pesare from Fortinet’s professional services team.

Timeline

2023-10-02: Initial publication
