CVE-2024-33504
4.1MEDIUMA use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all version
게시됨: 2/11/2025업데이트됨: 7/24/2025
설명
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.
AI 분석AI 기반
영향받는 제품
fortinetfortimanager
fortinetfortimanager
fortinetfortimanager
fortinetfortimanager_cloud
fortinetfortimanager_cloud
참조
- https://fortiguard.fortinet.com/psirt/FG-IR-24-094Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-pgc3-m5p5-4vc3Third Party Advisory