7.7

CVE-2024-33504

EPSS 0.04%
Published 11.02.2025 17:15:22
Last modified 24.07.2025 20:00:29
Source psirt@fortinet.com
Teams watchlist Login
Open Login

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Fortinet ≫ Fortimanager Version >= 6.4.0 < 7.2.10

Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.6

Fortinet ≫ Fortimanager Version >= 7.6.0 < 7.6.2

Fortinet ≫ Fortimanager Cloud Version >= 6.4.1 < 7.2.9

Fortinet ≫ Fortimanager Cloud Version >= 7.4.1 < 7.4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.117

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
psirt@fortinet.com	4.1	2.3	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

https://fortiguard.fortinet.com/psirt/FG-IR-24-094

Vendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-pgc3-m5p5-4vc3

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-33504

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-33504

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-33504

EUVD