A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.
The vulnerability results from the presence of a static, immutable cryptographic key hard-coded in FortiSwitch software (CWE-321, CWE-798). An attacker, knowing or reproducing this key, can construct crafted network requests that will be recognized as authenticated or properly encrypted by the device. This allows execution of unauthorized commands or code without knowledge of user credentials. The attack can be conducted remotely over the network without any user interaction.
An attacker can execute arbitrary code or commands on the FortiSwitch device, leading to complete takeover of the device, breach of confidentiality, integrity and availability of data and network infrastructure.
Apply patches available from the vendor according to references (https://fortiguard.com/psirt/FG-IR-23-260). It is recommended to update FortiSwitch software to a version without this vulnerability as soon as possible in accordance with Fortinet guidelines.
Fortinet FortiSwitch in versions: 7.4.0, 7.2.0–7.2.5, 7.0.0–7.0.7, 6.4.0–6.4.13, 6.2.0–6.2.7 and 6.0.0–6.0.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortiswitch
OSFortinet7.4.06.0.0 – 6.2.8 (bez)6.4.0 – 6.4.14 (bez)7.0.0 – 7.0.8 (bez)7.2.0 – 7.2.6 (bez)
Related vulnerabilities
Fortinet FortiSwitch — nieautoryzowana zmiana hasła administratora (RCE-ready)
Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D...
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x bef...
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet Fort...