{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T14:46:54.958","vulnerabilities":[{"cve":{"id":"CVE-2024-33504","sourceIdentifier":"psirt@fortinet.com","published":"2025-02-11T17:15:22.110","lastModified":"2025-07-24T20:00:29.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled."},{"lang":"es","value":"Una vulnerabilidad de uso de una clave criptográfica codificada para cifrar datos confidenciales [CWE-321] en FortiManager 7.6.0 a 7.6.1, 7.4.0 a 7.4.5, 7.2.0 a 7.2.9, 7.0 todas las versiones, 6.4 todas las versiones puede permitir que un atacante con permisos de acceso a la API JSON descifre algunos secretos incluso si la configuración 'private-data-encryption' está habilitada."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.10","matchCriteriaId":"636AB971-0D6F-416B-A64D-E52AE91AB092"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.6","matchCriteriaId":"24796E3A-DDCB-4949-9080-5DCEEECF0B6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.2","matchCriteriaId":"241A8930-4ADA-4380-AA42-F10B28487595"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.2.9","matchCriteriaId":"DDF891B6-8968-4E2B-89AC-7EDE3EC5886F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.6","matchCriteriaId":"6F663525-A2D6-40AB-905F-367B7E83054D"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-094","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-pgc3-m5p5-4vc3","source":"psirt@fortinet.com","tags":["Third Party Advisory"]}]}}]}