CVE-2024-40593: A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions…

medium4.4CVSS 3.1

AVLACLPRHUINSUCHINAN

A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.

Affected

22 ranges

Vendor	Product	Version range	Fixed in
fortinet	fortianalyzer	—	—
fortinet	fortianalyzer	>= 6.4.0 < 7.2.6	7.2.6
fortinet	fortianalyzer	6.4.0 – 6.4.15	—
fortinet	fortianalyzer	7.0.0 – 7.0.15	—
fortinet	fortianalyzer	7.2.0 – 7.2.5	—
fortinet	fortianalyzer	>= 7.4.0 < 7.4.3	7.4.3
fortinet	fortianalyzer	7.4.0 – 7.4.2	—
fortinet	fortimanager	—	—
fortinet	fortimanager	>= 6.4.0 < 7.2.6	7.2.6
fortinet	fortimanager	6.4.0 – 6.4.15	—
fortinet	fortimanager	7.0.0 – 7.0.15	—
fortinet	fortimanager	7.2.0 – 7.2.5	—
fortinet	fortimanager	>= 7.4.0 < 7.4.3	7.4.3
fortinet	fortimanager	7.4.0 – 7.4.2	—
fortinet	fortinet	—	—
fortinet	fortios	—	—
fortinet	fortios	—	—
fortinet	fortios	—	—
fortinet	fortios	—	—
fortinet	fortios	—	—
fortinet	fortiportal	—	—
fortinet	fortiportal	6.0.0 – 6.0.15	—