CVE-2023-37935

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 10, 2023

Updated: Nov 7, 2023

CWE ID 598

Summary

CVE-2023-37935 is a vulnerability affecting Fortinet FortiOS versions 7.0.0 to 7.0.12, 7.2.0 to 7.2.5, and 7.4.0. This issue arises from the use of GET request method with sensitive query strings. An attacker who can intercept and read these GET requests may gain access to plaintext passwords of remote services, including RDP and VNC, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FortiOS

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8-ymp
https://www.cve.org/CVERecord?id=CVE-2023-37935
https://nvd.nist.gov/vuln/detail/CVE-2023-37935

Back to Vulnerability Database