PT-2025-6674 · Fortinet · Fortianalyzer+1

Published

2025-02-11

Updated

2025-03-14

CVE-2024-40585

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: FortiManager versions prior to 7.4.1 FortiAnalyzer versions prior to 7.4.1

Description: The issue involves an insertion of sensitive information into log files, allowing a low-privileged user with access to the event log section to potentially retrieve a certificate private key and encrypted password logged as system log.

Recommendations: For FortiManager versions 7.4.0, 7.2.3 and below, 7.0.8 and below, 6.4.12 and below, 6.2.11 and below: update to version 7.4.1 or later. For FortiAnalyzer versions 7.4.0, 7.2.3 and below, 7.0.8 and below, 6.4.12 and below, 6.2.11 and below: update to version 7.4.1 or later.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

BDU:2025-04654

CVE-2024-40585

Affected Products

Fortianalyzer

Fortimanager

PT-2025-6674 · Fortinet · Fortianalyzer+1

CVE-2024-40585

Weakness Enumeration

Related Identifiers

Affected Products

References · 10