Security Vulnerability Report
中文
CVE-2026-39810 CVSS 6.0 MEDIUM

CVE-2026-39810

Published: 2026-04-14 16:16:45
Last Modified: 2026-04-21 17:18:59
Source: [email protected]

Description

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.

CVSS Details

CVSS Score
6.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:* - VULNERABLE
Fortinet FortiClientEMS 7.4.0
Fortinet FortiClientEMS 7.4.1
Fortinet FortiClientEMS 7.4.2
Fortinet FortiClientEMS 7.4.3
Fortinet FortiClientEMS 7.4.4
Fortinet FortiClientEMS 7.4.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import base64 from Crypto.Cipher import AES # Simulated hardcoded key extracted from binary HARDCODED_KEY = b'1234567890123456' # Example 16-byte key IV = b'0000000000000000' def decrypt_dump(filepath): with open(filepath, 'rb') as f: enc_data = f.read() cipher = AES.new(HARDCODED_KEY, AES.MODE_CBC, IV) data = cipher.decrypt(enc_data) print(data.decode('utf-8', errors='ignore')) # Usage: python poc.py encrypted.db

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-39810", "sourceIdentifier": "[email protected]", "published": "2026-04-14T16:16:45.173", "lastModified": "2026-04-21T17:18:59.293", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.8, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-321"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.4.6", "matchCriteriaId": "7FF067FF-526C-4399-8220-E2978445F005"}]}]}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-107", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.