CVE-2024-46665

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.4.0 through 7.4.4 FortiOS version 7.6.0

Description: An issue in FortiOS allows an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting requests. This is due to the insertion of sensitive information into sent data.

Recommendations: For FortiOS versions 7.4.0 through 7.4.4, update to a version that contains a fix for this issue. For FortiOS version 7.6.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the RADIUS accounting server to minimize the risk of exploitation.