VDB
CISA-2024-40585
CISA-2024-40585
PUBLISHED
CVSS 5.9 MEDIUM
Reported by fortinet · Published March 14, 2025
An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log.
Risk Scores
CVSS 3.1
5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:R
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiAnalyzer | 7.4.0, 7.2.0, 7.0.0 |
| Fortinet | FortiManager | 7.4.0, 7.2.0, 7.0.0 |
| Fortinet | FortiManager | 6.2.0, 7.2.0, 6.4.0 |
| Fortinet | FortiAnalyzer | 7.4.0, 7.2.0, 6.2.0 |
Timeline
- Mar 14, 2025 CVE Published
- Mar 14, 2025 CVE Updated