CVE-2023-37936

Summary

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSwitch7.4.0affected
FortinetFortiSwitch7.2.0 <= 7.2.5affected
FortinetFortiSwitch7.0.0 <= 7.0.7affected
FortinetFortiSwitch6.4.0 <= 6.4.13affected
FortinetFortiSwitch6.2.0 <= 6.2.7affected
FortinetFortiSwitch6.0.0 <= 6.0.7affected

Weaknesses

  • CWE-321: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References