CVE-2023-37935

Summary

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.4.0affected
FortinetFortiOS7.2.0 <= 7.2.5affected
FortinetFortiOS7.0.0 <= 7.0.12affected

Weaknesses

  • CWE-598: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References