Headline
CVE-2023-33304: Fortiguard
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.
**PSIRT Advisories**
FortiClient for Windows - Hardcoded credentials in vcm2.exe
Summary
A use of hard-coded credentials vulnerability [CWE-798] in FortiClient for Windows may allow an attacker to bypass system protections via the use of static credentials.
Affected Products
FortiClientWindows version 7.2.0 through 7.2.1
FortiClientWindows version 7.0.0 through 7.0.9
Solutions
Please upgrade to FortiClientWindows version 7.2.2 or above
Please upgrade to FortiClientWindows version 7.0.9 or above
Acknowledgement
Fortinet is pleased to thank Hanafiah Muhamad from One NZ for reporting this vulnerability under responsible disclosure.
Timeline
2023-11-06: Initial publication