PT-2025-1437 · Fortinet · FortiSwitch
Published 2025-01-14 · Updated 2025-01-31 · CVE-2023-37936
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiSwitch versions 6.0.0 through 6.0.7
Fortinet FortiSwitch versions 6.2.0 through 6.2.7
Fortinet FortiSwitch versions 6.4.0 through 6.4.13
Fortinet FortiSwitch versions 7.0.0 through 7.0.7
Fortinet FortiSwitch versions 7.2.0 through 7.2.5
Fortinet FortiSwitch version 7.4.0
Description
Use of a hard-coded cryptographic key in Fortinet FortiSwitch allows an attacker to execute unauthorized code or commands via crafted requests. Over 2,000 results have been found, indicating potentially widespread impact. Attackers can create admin accounts without authentication, which can in turn lead to ransomware attacks.
Recommendations
For all affected Fortinet FortiSwitch branches (6.0.0 through 6.0.7, 6.2.0 through 6.2.7, 6.4.0 through 6.4.13, 7.0.0 through 7.0.7, 7.2.0 through 7.2.5, and 7.4.0), update to a fixed version to resolve the issue.
As a temporary workaround, consider restricting access to the FortiSwitch until a patch is available.
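The affected-version ranges above are the part of this advisory a defender actually operationalises. The following is an added example, not code from the advisory or from Fortinet: it compares a FortiSwitch version string numerically against the listed inclusive ranges (string comparison would wrongly put 6.4.13 before 6.4.2) and triages a constructed inventory. Because the page does not name the fixed versions, a version outside every listed range is reported as "not listed", never as "fixed"; hostnames and versions in the sample are made up.

```python
from typing import Optional, Tuple

# Affected FortiSwitch version ranges as listed in the advisory (inclusive).
# The page does not name fixed versions, so a version outside these ranges
# is only "not in a listed range", not confirmed patched.
AFFECTED_RANGES = [
    ("6.0.0", "6.0.7"),
    ("6.2.0", "6.2.7"),
    ("6.4.0", "6.4.13"),
    ("7.0.0", "7.0.7"),
    ("7.2.0", "7.2.5"),
    ("7.4.0", "7.4.0"),
]

def parse_version(v: str) -> Tuple[int, ...]:
    """Parse '7.0.7' or 'v7.0.7' into an int tuple for numeric comparison."""
    v = v.strip().lower().lstrip("v")
    parts = v.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in parts)

def affected_range(version: str) -> Optional[Tuple[str, str]]:
    """Return the (low, high) affected range containing `version`, else None."""
    ver = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= ver <= parse_version(high):
            return (low, high)
    return None

def is_affected(version: str) -> bool:
    return affected_range(version) is not None

def triage(inventory):
    """Bucket a {hostname: version} inventory (a constructed input) into
    affected / not_listed / invalid so unparseable entries are not silently skipped."""
    report = {"affected": [], "not_listed": [], "invalid": []}
    for host, version in inventory.items():
        try:
            bucket = "affected" if is_affected(version) else "not_listed"
        except ValueError:
            bucket = "invalid"
        report[bucket].append(host)
    return report

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {"sw-core-1": "v6.4.13", "sw-edge-2": "7.2.6", "sw-lab-3": "7.4.0", "sw-bad-4": "unknown"}
    print(triage(sample))
```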
Fix
Using Hardcoded Credentials
Affected Products: FortiSwitch