CVE-2023-37935
CVSS V2 None
CVSS V3 None
Description
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.
Overview
- CVE ID
- CVE-2023-37935
- Assigner
- fortinet
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-10-10T16:51:21.801Z
- Last Modified Date
- 2023-10-10T16:51:21.801Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-23-120 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-37935 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37935 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 00:40:11 | Added to TrackCVE |