CVE-2023-37936

Published: Jan 14, 2025Modified: Jan 31, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.

Affected (5)

Products: Fortinet: Fortiswitch

Fortinet

1 product

Fortiswitch

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiswitch	From 6.0.0 to 6.2.8
Fortinet Fortiswitch	From 6.4.0 to 6.4.14
Fortinet Fortiswitch	From 7.0.0 to 7.0.8
Fortinet Fortiswitch	From 7.2.0 to 7.2.6
Fortinet Fortiswitch	Version 7.4.0

Related CWEs

CWE-321

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (1)

https://fortiguard.com/psirt/FG-IR-23-260

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.