VYPR
Unrated severityNVD Advisory· Published Oct 10, 2023· Updated Sep 19, 2024

CVE-2023-37935

CVE-2023-37935

Description

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

Affected products

2
  • Fortinet/Fortiosllm-fuzzy2 versions
    >=7.0.0 <=7.0.12, >=7.2.0 <=7.2.5, 7.4.0+ 1 more
    • (no CPE)range: >=7.0.0 <=7.0.12, >=7.2.0 <=7.2.5, 7.4.0
    • (no CPE)range: 7.4.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.