exploitDog

GHSA-6rfg-cmrr-c9j6

Опубликовано: 11 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.1

Описание

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.

Ссылки

EPSS

Процентиль: 20%

0.00064

Низкий

4.1 Medium

CVSS3

CVE ID

Дефекты

CWE-321

Связанные уязвимости

CVE-2024-33504

CVSS3: 4.1

nvd

12 месяцев назад

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.

BDU:2025-01615

CVSS3: 4.1

fstec

почти 2 года назад

Уязвимость интерфейса командной строки (CLI) программного средства централизованного управления устройствами Fortinet FortiManager, позволяющая нарушителю раскрыть конфиденциальную информацию

EPSS

Процентиль: 20%

0.00064

Низкий

4.1 Medium

CVSS3

CVE ID

Дефекты

CWE-321