CVE-2024-33504
CVSS 3.1 Score 4.1 of 10 (medium)
Details
Summary
CVE-2024-33504 affects FortiManager versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, and all versions of 7.0 and 6.4. The issue is classified as CWE-321 (Use of Hard-coded Cryptographic Key): because a hard-coded cryptographic key is used for encryption, an attacker with JSON API access permissions can decrypt some sensitive data, bypassing the 'private-data-encryption' setting. An attacker can thereby obtain decrypted secrets, compromising data confidentiality. FortiManager users on affected versions are advised to apply the latest patches to mitigate this risk.
Affected Products
- FortiManager
Affected Vendors
- Fortinet