Vulnerability Monitor

CVE-2024-40585


An insertion of sensitive information into log file vulnerability [CWE-532] in the eventlog of FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below, and of FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below, may allow any low-privileged user with access to the event log section to retrieve the certificate private key and encrypted password logged as system log.


Published

2025-03-14T16:15:33.400

Last Modified

2025-07-23T21:13:40.443

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-532

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortimanager | < 7.0.9 | Yes |
| Application | fortinet | fortimanager | < 7.2.4 | Yes |
| Application | fortinet | fortimanager | 7.4.0 | Yes |
| Application | fortinet | fortianalyzer | < 6.2.12 | Yes |
| Application | fortinet | fortianalyzer | < 6.4.13 | Yes |
| Application | fortinet | fortianalyzer | < 7.0.9 | Yes |
| Application | fortinet | fortianalyzer | < 7.2.4 | Yes |
| Application | fortinet | fortianalyzer | 7.4.0 | Yes |