CVE-2023-33304

2023-11-1418:15:30

CWE-798

[email protected]

web.nvd.nist.gov

fortinet forticlient

hard-coded credentials

vulnerability

bypassing

system protections

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

9.0%

JSON

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.

Affected configurations

Nvd

Node

fortinetforticlientRange7.0.0–7.0.9windows

fortinetforticlientMatch7.2.0windows

fortinetforticlientMatch7.2.1windows

VendorProductVersionCPE
fortinetforticlient*cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
fortinetforticlient7.2.0cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:windows:*:*
fortinetforticlient7.2.1cpe:2.3:a:fortinet:forticlient:7.2.1:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
fortinet	forticlient	*	cpe:2.3:a:fortinet:forticlient::::::windows::*
fortinet	forticlient	7.2.0	cpe:2.3:a:fortinet:forticlient:7.2.0:::::windows::
fortinet	forticlient	7.2.1	cpe:2.3:a:fortinet:forticlient:7.2.1:::::windows::