What is the severity of CVE-2023-37936?

CVE-2023-37936 is considered a high severity vulnerability due to the possibility of unauthorized code execution.

How do I fix CVE-2023-37936?

To fix CVE-2023-37936, upgrade Fortinet FortiSwitch to version 7.4.1 or apply the relevant patches for your version.

Which versions of FortiSwitch are affected by CVE-2023-37936?

CVE-2023-37936 affects Fortinet FortiSwitch versions from 6.0.0 to 7.4.0.

Are there any workarounds for CVE-2023-37936 until I can upgrade?

Currently, there are no documented workarounds for CVE-2023-37936, so upgrading is the recommended action.

What impact could CVE-2023-37936 have on my network?

CVE-2023-37936 could allow attackers to execute unauthorized commands, potentially compromising the security of the entire network.

Vulnerability/
CVE-2023-37936

Exploited

critical

9.8

CWE

321 798

14/1/2025

31/1/2025

CVE-2023-37936: Hardcoded Session Secret Leading to Unauthenticated Remote Code Execution

First published: Tue Jan 14 2025(Updated: )

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiSwitch	=.
Fortinet FortiSwitch	>=7.2.0<=7.2.5
Fortinet FortiSwitch	>=7.0.0<=7.0.7
Fortinet FortiSwitch	>=6.4.0<=6.4.13
Fortinet FortiSwitch	>=6.2.0<=6.2.7
Fortinet FortiSwitch	>=6.0.0<=6.0.7
Fortinet FortiSwitch	>=6.0.0<6.2.8
Fortinet FortiSwitch	>=6.4.0<6.4.14
Fortinet FortiSwitch	>=7.0.0<7.0.8
Fortinet FortiSwitch	>=7.2.0<7.2.6
Fortinet FortiSwitch	=7.4.0

Remedy

Please upgrade to FortiSwitch version 7.4.1 or above Please upgrade to FortiSwitch version 7.2.6 or above Please upgrade to FortiSwitch version 7.0.8 or above Please upgrade to FortiSwitch version 6.4.14 or above Please upgrade to FortiSwitch version 6.2.8 or above

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2023-37936?
CVE-2023-37936 is considered a high severity vulnerability due to the possibility of unauthorized code execution.
How do I fix CVE-2023-37936?
To fix CVE-2023-37936, upgrade Fortinet FortiSwitch to version 7.4.1 or apply the relevant patches for your version.
Which versions of FortiSwitch are affected by CVE-2023-37936?
CVE-2023-37936 affects Fortinet FortiSwitch versions from 6.0.0 to 7.4.0.
Are there any workarounds for CVE-2023-37936 until I can upgrade?
Currently, there are no documented workarounds for CVE-2023-37936, so upgrading is the recommended action.
What impact could CVE-2023-37936 have on my network?
CVE-2023-37936 could allow attackers to execute unauthorized commands, potentially compromising the security of the entire network.

agent/remedy
agent/type
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2023-37936
agent/first-publish-date
agent/title
agent/description
agent/author
collector/mitre-cve
source/MITRE
collector/fortiguard-psirt
agent/software-canonical-lookup
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-55591
alias/CVE-2024-47575
agent/references
agent/source
agent/news-ai
zeroday/true
exploited/true
agent/severity
agent/trending
agent/tags
agent/last-modified-date
agent/weakness
agent/softwarecombine
agent/event
collector/nvd-api
source/NVD
vendor/fortinet
canonical/fortinet fortiswitch
version/fortinet fortiswitch/.
version/fortinet fortiswitch/7.2.0
version/fortinet fortiswitch/7.2.5
version/fortinet fortiswitch/7.0.0
version/fortinet fortiswitch/7.0.7
version/fortinet fortiswitch/6.4.0
version/fortinet fortiswitch/6.4.13
version/fortinet fortiswitch/6.2.0
version/fortinet fortiswitch/6.2.7
version/fortinet fortiswitch/6.0.0
version/fortinet fortiswitch/6.0.7
version/fortinet fortiswitch/7.4.0