
{
"id": "CVE-2024-33504",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-02-11T17:15:22.110",
"lastModified": "2025-02-11T17:15:22.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled."
},
{
"lang": "es",
"value": "Una vulnerabilidad de uso de una clave criptogr\u00e1fica codificada para cifrar datos confidenciales [CWE-321] en FortiManager 7.6.0 a 7.6.1, 7.4.0 a 7.4.5, 7.2.0 a 7.2.9, 7.0 todas las versiones, 6.4 todas las versiones puede permitir que un atacante con permisos de acceso a la API JSON descifre algunos secretos incluso si la configuraci\u00f3n 'private-data-encryption' est\u00e1 habilitada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-094",
"source": "psirt@fortinet.com"
},
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-pgc3-m5p5-4vc3",
"source": "psirt@fortinet.com"
}
]
}