CVSS 3.1 Score 7.5 of 10 (high)


Published Oct 10, 2023
Updated: Nov 7, 2023
CWE ID 598


CVE-2023-37935 is a vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5, and 7.4.0 that allows an attacker to view plaintext passwords of remote services like RDP or VNC by exploiting the use of GET request method with sensitive query strings. The vulnerability affects multiple products, including sCqhsh, sB97pd, and qXFuIe among others. To remediate this vulnerability, users should update their FortiOS to a version that is not affected by the issue. The danger posed by this vulnerability is considered high, as it allows an attacker to gain access to sensitive information and potentially compromise the security of an organization's remote services.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-37935 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options