A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.
                
References
| Link | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-24-094 | Vendor Advisory | 
| https://github.com/orangecertcc/security-research/security/advisories/GHSA-pgc3-m5p5-4vc3 | Third Party Advisory | 
History
24 Jul 2025, 20:00
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:* | |
| First Time | Fortinet fortimanager, Fortinet, Fortinet fortimanager Cloud | |
| Summary | | |
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-24-094 - Vendor Advisory | |
| References | () https://github.com/orangecertcc/security-research/security/advisories/GHSA-pgc3-m5p5-4vc3 - Third Party Advisory | |
11 Feb 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2025-02-11 17:15
Updated : 2025-07-24 20:00
NVD link : CVE-2024-33504
Mitre link : CVE-2024-33504
CVE.ORG link : CVE-2024-33504
Products Affected
fortinet
- fortimanager_cloud
- fortimanager
CWE
CWE-321: Use of Hard-coded Cryptographic Key
