CVE-2024-52962

CWE-1174 documents4 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 60.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortianalyzerFortinet Fortimanager
Timeline
PublishedApr 8

Description

An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.12 and below may allow an unauthenticated remote attacker to pollute the logs via crafted login requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

NVDfortinet/fortimanager7.0.07.0.14+3
NVDfortinet/fortianalyzer7.0.07.0.14+3
CVEListV5fortinet/fortimanager7.6.07.6.1+3
CVEListV5fortinet/fortianalyzer7.6.07.6.1+3

🔴Vulnerability Details

2
CVEList
CVE-2024-52962: An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 72025-04-08
GHSA
GHSA-j27p-5p5f-gjjv: An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 72025-04-08

📋Vendor Advisories

1
Fortinet
Log Pollution via login page2025-04-08
CVE-2024-52962 (MEDIUM CVSS 5.3) | An Improper Output Neutralization f | cvebase.io