CVE-2023-45585: 
FortiSIEM vulnerability analysis and mitigation

An insertion of sensitive information into log file vulnerability (CVE-2023-45585) was discovered in FortiSIEM affecting multiple versions including 7.0.0, 6.7.6 and below, 6.6.3 and below, 6.5.1 and below, 6.4.2 and below, 6.3.3 and below, 6.2.1 and below, 6.1.2 and below, 5.4.0, and 5.3.3 and below. The vulnerability was internally discovered by Jingjin Zhu and was initially published on November 14, 2023 (Fortiguard PSIRT).

The vulnerability is classified as CWE-532 (Information Exposure Through Log Files) and has been assigned a CVSSv3 score of 2.1, indicating a low severity level. The vulnerability specifically affects the debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage (Fortiguard PSIRT, NVD).

The vulnerability may allow an authenticated user to view an encrypted ElasticSearch password through debug log files when FortiSIEM is configured with ElasticSearch Event Storage, potentially leading to information disclosure (Fortiguard PSIRT).

Fortinet has released multiple version upgrades to address this vulnerability. Users are advised to upgrade to FortiSIEM version 7.0.1 or above for 7.0.x, version 6.7.7 or above for 6.7.x, version 6.6.4 or above for 6.6.x, version 6.5.2 or above for 6.5.x, and version 6.4.3 or above for 6.4.x. For versions 6.3 and below, users should migrate to a fixed release (Fortiguard PSIRT).