CVE-2023-33304

CWE-798Hard-coded Credentials4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 99.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientwindowsFortinet Forticlient
Timeline
PublishedNov 14

Description

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5fortinet/forticlientwindows7.2.07.2.1+1
NVDfortinet/forticlient7.0.07.0.9+2

🔴Vulnerability Details

2
GHSA
GHSA-h56f-w4g4-2j9h: A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 72023-11-14
CVEList
CVE-2023-33304: A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 72023-11-14

📋Vendor Advisories

1
Fortinet
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an...2023-11-14
CVE-2023-33304 (MEDIUM CVSS 5.5) | A use of hard-coded credentials vul | cvebase.io