Vulnerability Description
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
CVSS Score
4.9
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiweb | <= 5.8.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100205Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-162Vendor Advisory
- http://www.securityfocus.com/bid/100205Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-17-162Vendor Advisory
FAQ
What is CVE-2017-7737?
CVE-2017-7737 is a vulnerability with a CVSS score of 4.9 (MEDIUM). An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
How severe is CVE-2017-7737?
CVE-2017-7737 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7737?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiweb.