CVE-2024-40593

CWE-3205 documents5 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 97.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortimanager Fortinet Fortiportal +1 more

Timeline

PublishedDec 11

Description

A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages8 packages

▶NVDfortinet/fortimanager6.4.0 — 7.2.6+1

▶NVDfortinet/fortianalyzer6.4.0 — 7.2.6+1

▶CVEListV5fortinet/fortimanager7.4.0 — 7.4.2+3

▶CVEListV5fortinet/fortianalyzer7.4.0 — 7.4.2+3

▶CVEListV5fortinet/fortios4 versions+3

🔴Vulnerability Details

CVEList

CVE-2024-40593: A key management errors vulnerability in Fortinet FortiAnalyzer 7↗2025-12-11

▶

GHSA

GHSA-6vww-5qwh-3c68: A key management errors vulnerability in Fortinet FortiAnalyzer 7↗2025-12-11

▶

📋Vendor Advisories

Fortinet

Private key readable by admin↗2025-12-11

▶

🕵️Threat Intelligence

Wiz

CVE-2024-40593 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶