CVE-2024-33504 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through…
Medium CVSS: 4.1

CVE-2024-33504

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.
Vendor
Fortinet
Product
Fortimanager
CWE
CWE-321
Yayın Tarihi
2025-02-11 17:15:22
Güncelleme
2025-07-24 20:00:29
Source Identifier
psirt@fortinet.com
KEV Date Added
-

Kategoriler

CWE-321 Fortimanager MEDIUM Fortinet 2025

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-24-094 https://github.com/orangecertcc/security-research/security/advisories/GHSA-pgc3-m5p5-4vc3