What is CVE-2023-37936?

CVE-2023-37936 is a critical-severity vulnerability in Fortinet Fortiswitch, classified under Use of Hard-coded Cryptographic Key. CVSS score: 9.6/10. Published 2025-01-14.

How severe is CVE-2023-37936?

Critical severity. CVSS v3 base score is 9.6 out of 10.

Vulnerability in Fortinet Fortiswitch

CVE-2023-37936

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized co…

EPSS: 0.008 (73.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C.

Affected products

Fortinet Fortiswitch — versions 7.4.0, 7.2.0, 7.0.0

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

References

https://fortiguard.com/psirt/FG-IR-23-260

Frequently asked questions

What is CVE-2023-37936?: CVE-2023-37936 is a critical-severity vulnerability in Fortinet Fortiswitch, classified under Use of Hard-coded Cryptographic Key. CVSS score: 9.6/10. Published 2025-01-14.
How severe is CVE-2023-37936?: Critical severity. CVSS v3 base score is 9.6 out of 10.