CVE-2024-33504
published 2025-02-11CVE-2024-33504: A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through…
high7.7CVSS 3.1
AVNACLPRLUINSCCHINAN
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 6.4.0 < 7.2.10 | 7.2.10 |
| fortinet | fortimanager | 6.4.0 – 6.4.15 | — |
| fortinet | fortimanager | 7.0.0 – 7.0.13 | — |
| fortinet | fortimanager | 7.2.0 – 7.2.9 | — |
| fortinet | fortimanager | >= 7.4.0 < 7.4.6 | 7.4.6 |
| fortinet | fortimanager | 7.4.0 – 7.4.5 | — |
| fortinet | fortimanager | >= 7.6.0 < 7.6.2 | 7.6.2 |
| fortinet | fortimanager | 7.6.0 – 7.6.1 | — |
| fortinet | fortimanager_cloud | >= 6.4.1 < 7.2.9 | 7.2.9 |
| fortinet | fortimanager_cloud | >= 7.4.1 < 7.4.6 | 7.4.6 |
| fortinet | fortimanagercloud | — | — |