← back
CVE-2023-37935

CVE-2023-37935

CVSS 6.5 MEDIUMEPSS 0.9%CWE-598
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X
Affected products
Fortinet · FortiOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/psirt/FG-IR-23-120