Hard-Coded Cryptographic Key Vulnerability in Fortinet FortiSwitch
CVE-2023-37936

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: FortiSwitch
Vendor: CVE Published:; 14 January 2025

Summary

A hard-coded cryptographic key in multiple versions of Fortinet FortiSwitch exposes the devices to potential exploitation. Attackers can execute unauthorized code or commands by sending crafted requests to affected versions. This vulnerability can compromise the integrity of the network and lead to unauthorized access, necessitating swift actions for mitigation and remediation.

References

https://fortiguard.com/psirt/FG-IR-23-260

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025