A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands.
2025-11-18T17:16:01.973
2025-11-20T14:40:25.397
Analyzed
CVSSv3.1: 5.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | fortinet | fortiextender_firmware | < 7.4.8 | Yes |
| Operating System | fortinet | fortiextender_firmware | < 7.6.3 | Yes |
| Hardware | fortinet | fortiextender | - | No |