CVE-2024-33504
MEDIUMDescription
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortinet | fortimanager |
| fortinet | fortimanager |
| fortinet | fortimanager |
| fortinet | fortimanager_cloud |
| fortinet | fortimanager_cloud |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-33504? +
How severe is CVE-2024-33504? +
What products are affected by CVE-2024-33504? +
How do I check if I'm vulnerable to CVE-2024-33504? +
Related Vulnerabilities
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to …
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to …
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to …
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the …
This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An …
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key …