CVE-2024-40585
published 2025-03-14CVE-2024-40585: An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | >= 6.2.0 < 6.2.12 | 6.2.12 |
| fortinet | fortianalyzer | 6.2.0 – 6.2.11 | — |
| fortinet | fortianalyzer | >= 6.4.0 < 6.4.13 | 6.4.13 |
| fortinet | fortianalyzer | 6.4.0 – 6.4.12 | — |
| fortinet | fortianalyzer | >= 7.0.0 < 7.0.9 | 7.0.9 |
| fortinet | fortianalyzer | 7.0.0 – 7.0.8 | — |
| fortinet | fortianalyzer | >= 7.2.0 < 7.2.4 | 7.2.4 |
| fortinet | fortianalyzer | 7.2.0 – 7.2.3 | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 6.2.0 < 7.0.9 | 7.0.9 |
| fortinet | fortimanager | 6.2.0 – 6.2.11 | — |
| fortinet | fortimanager | 6.4.0 – 6.4.12 | — |
| fortinet | fortimanager | 7.0.0 – 7.0.8 | — |
| fortinet | fortimanager | >= 7.2.0 < 7.2.4 | 7.2.4 |
| fortinet | fortimanager | 7.2.0 – 7.2.3 | — |