CVE-2023-37936

Published Jan 14, 2025

Last updated 4 days ago

Overview

Description
A use of a hard-coded cryptographic key in Fortinet FortiSwitch versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.7, 6.4.0 through 6.4.13, 6.2.0 through 6.2.7, and 6.0.0 through 6.0.7 allows an attacker to execute unauthorized code or commands via crafted requests.
Source: psirt@fortinet.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

psirt@fortinet.com
CWE-321

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. CVE-2023-37936 impacts Fortinet FortiSwitch #FortiSwitch #CVE-2023-37936 #Fortinet https://t.co/eF9mZS2p2g

    @pravin_karthik

    16 Jan 2025

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨🚨CVE-2023-37936 (CVSS 9.6): Urgent Patch Needed for FortiSwitch Vulnerability https://t.co/KHREXNoT4G

    @H4ckManac

    15 Jan 2025

    3157 Impressions

    11 Retweets

    31 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️⚠️ CVE-2023-37936 (CVSS 9.6): Urgent Patch Needed for FortiSwitch Vulnerability 🎯2k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/b5pRoDpDoo FOFA Query:app="FortiSwitch" 🔖Refer: https://t.co/2YiQHbbNvK #OSINT #FOFA #CyberSecurity

    @fofabot

    15 Jan 2025

    854 Impressions

    1 Retweet

    7 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

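  4. A critical vulnerability in Fortinet's FortiSwitch. CVE-2023-37936 has a CVSS score of 9.6. It stems from the use of a hard-coded cryptographic key and allows arbitrary code execution over the network without authentication. https://t.co/5gnfsAC2PY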

    @__kokumoto

    15 Jan 2025

    6289 Impressions

    11 Retweets

    34 Likes

    5 Bookmarks

    0 Replies

    3 Quotes

  5. Threat Alert: Threat actors exploit a probable 0-day in exposed management consoles of Fortine CVE-2023-37936 CVE-2024-55591 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/Fx9pdXAulM #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    15 Jan 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2023-37936 (CVSS 9.6): Urgent Patch Needed for FortiSwitch Vulnerability Critical security vulnerability (CVE-2023-37936) affecting FortiSwitch product line. Learn about the impact, mitigation, and recommended patches https://t.co/qLK9ouW5gC

    @the_yellow_fall

    15 Jan 2025

    866 Impressions

    2 Retweets

    9 Likes

    2 Bookmarks

    0 Replies

    1 Quote