Discover CSC About Us
Stay Alert Latest Threats
Stay Informed Latest Updates
Stay Protected

Advice & Guidance
- Stay Protected
  
  All the assets, resources, training programs, and awareness materials tailored to specific beneficiaries in one place, ranging from governments and citizens to families and others. Take an active role in keeping the UAE safe now.
- Individuals & Families
  - Become a Responsible Digital Citizen
  - Awareness Articles for Individuals & Families
  Corporations
  - Become a Responsible Digital Business
  - Awareness Articles for Corporations
  Government
  - Guidelines for Government Entities
  - UAE Cyber Security Policies
  Cybersecurity Policies

Discover CSC About Us
Stay Alert Latest Threats
Stay Informed Latest Updates
Stay Protected Advice & Guidance
- Stay Protected
  
  All the assets, resources, training programs, and awareness materials tailored to specific beneficiaries in one place, ranging from governments and citizens to families and others. Take an active role in keeping the UAE safe now.
- Individuals & Families
  - Become a Responsible Digital Citizen
  - Awareness Articles for Individuals & Families
  Corporations
  - Become a Responsible Digital Business
  - Awareness Articles for Corporations
  Government
  - Guidelines for Government Entities
  - UAE Cyber Security Policies
  NibraS
  Cybersecurity Policies

published 1/29/25 10:53 AM •
updated 16 January 2025 •
5 Min read

Critical Vulnerability in FortiSwitch Devices

Alert Rating

Critical

Audience

Corporations, Government

A critical vulnerability (CVE-2023-37936) has been discovered in multiple versions of Fortinet FortiSwitch devices. This vulnerability, classified as a use of hard-coded cryptographic key [CWE-321], allows a remote unauthenticated attacker in possession of the key to execute unauthorized code via crafted cryptographic request.

Vulnerability Details:

CVE-2023-37936
CVSSv3 Score 9.6,Severity: Critical
The vulnerability is a use of hard-coded cryptographic key issue in Fortinet FortiSwitch devices. This type of vulnerability significantly increases the possibility that encrypted data may be recovered.

Affected Versions:
FortiSwitch 7.4.0
FortiSwitch 7.2.0 through 7.2.5
FortiSwitch 7.0.0 through 7.0.7
FortiSwitch 6.4.0 through 6.4.13
FortiSwitch 6.2.0 through 6.2.7
FortiSwitch 6.0.0 through 6.0.7

Fixed Versions:
FortiSwitch 7.4: Upgrade to 7.4.1 or above
FortiSwitch 7.2: Upgrade to 7.2.6 or above
FortiSwitch 7.0: Upgrade to 7.0.8 or above
FortiSwitch 6.4: Upgrade to 6.4.14 or above
FortiSwitch 6.2: Upgrade to 6.2.8 or above
FortiSwitch 6.0: Migrate to a fixed release

Attachments

Critical Vulnerability in FortiSwitch Devices.pdf

0.22 MB

Take Action

Protect yourself

Update the firmware on all affected FortiSwitch devices in your network.

Attachments

Stay Connected

Follow our channels

Follow our social media channels to stay up to date.

Take Action

Spread Awareness

Share this threat to raise awareness and help others stay alert

GET INVOLVED

Make a Difference

Get involved with CSC and play a part in safeguarding the UAE's digital landscape.

Other Threats

20 January 2025

Alert rating

Critical

Critical Vulnerability in F5 Traffix SDC

A critical vulnerability has been discovered in F5 Traffix SDC, linked to Apache Tomcat, which could allow attackers to gain unauthorized access to compromised systems.

Protecting

Corporations, Government

17 January 2025

Alert rating

High

Security Updates - NVIDIA

NVIDIA has released security updates to address multiple vulnerabilities in the NVIDIA Container Toolkit and NVIDIA GPU Operator.

Protecting

Corporations, Government

16 January 2025

Alert rating

Critical

Critical Vulnerability in FortiSwitch Devices

Protecting

Corporations, Government

Critical Vulnerability in FortiSwitch Devices

On this page