CVE-2024-33504 LOW

Vendor: Fortinet
Product: FortiManager
Weakness: CWE-321
Published: February 11, 2025
Last update: February 11, 2025

CVSS base score

3.9/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:C

What the vulnerability does

01 Description

A use of a hard-coded cryptographic key to encrypt sensitive data [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, and 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.

Key dates

02 Disclosure timeline

February 11, 2025: CVE published
February 11, 2025: Record updated