Vulnerability DatabaseCVE-2023-33304

CVE-2023-33304:
FortiClient vulnerability analysis and mitigation

Overview

A use of hard-coded credentials vulnerability was discovered in Fortinet FortiClient Windows versions 7.0.0 through 7.0.9 and 7.2.0 through 7.2.1. The vulnerability was initially published on November 14, 2023, and was assigned CVE-2023-33304. This security flaw allows an attacker to bypass system protections by exploiting static credentials (Fortinet Advisory).

Technical details

The vulnerability is classified as CWE-798 (Use of Hard-coded Credentials) and received a CVSS v3.1 base score of 4.4 (Medium) from Fortinet, while NIST assigned it a score of 5.5 (Medium). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N, indicating that the vulnerability requires local access and high privileges but needs no user interaction to exploit (NVD).

Impact

The vulnerability allows attackers to bypass system protections through the use of static credentials, potentially compromising the security of affected systems. The impact primarily affects system integrity, with no direct effect on confidentiality or availability (Fortinet Advisory).

Mitigation and workarounds

Fortinet has released patches to address this vulnerability. Users of FortiClient Windows 7.2.x should upgrade to version 7.2.2 or above, while users of FortiClient Windows 7.0.x should upgrade to version 7.0.10 or above (Fortinet Advisory).

Community reactions

The vulnerability was responsibly disclosed by Hanafiah Muhamad from One NZ, and Fortinet acknowledged their contribution to identifying this security issue (Fortinet Advisory).

Additional resources

Source: This report was generated using AI

Related FortiClient vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-47761	HIGH	7.8	FortiClient	cpe:2.3:a:fortinet:forticlient	No	Yes	Nov 18, 2025
CVE-2025-46373	HIGH	7.8	FortiClient	cpe:2.3:a:fortinet:forticlient	No	Yes	Nov 18, 2025
CVE-2025-57741	HIGH	7.8	FortiClient	cpe:2.3:a:fortinet:forticlient	No	Yes	Oct 14, 2025
CVE-2025-57716	HIGH	7.3	FortiClient	cpe:2.3:a:fortinet:forticlient	No	Yes	Oct 14, 2025
CVE-2025-54660	MEDIUM	5.5	FortiClient	cpe:2.3:a:fortinet:forticlient	No	Yes	Nov 18, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2023-33304: FortiClient vulnerability analysis and mitigation