CVE-2024-40585: Insertion of sensitive information into Event log
First published: Tue Feb 11 2025(Updated: )
An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiAnalyzer and FortiManager eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiAnalyzer | =. | |
| Fortinet FortiAnalyzer | >=7.2.0<=7.2.3 | |
| Fortinet FortiAnalyzer | >=7.0.0<=7.0.8 | |
| Fortinet FortiAnalyzer | >=6.4.0<=6.4.12 | |
| Fortinet FortiAnalyzer | >=6.2.0<=6.2.11 | |
| Fortinet FortiManager | =. | |
| Fortinet FortiManager | >=7.2.0<=7.2.3 | |
| Fortinet FortiManager | >=7.0.0<=7.0.8 | |
| Fortinet FortiManager | >=6.4 | |
| Fortinet FortiManager | >=6.2 |
Remedy
Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiAnalyzer version 6.4.13 or above Please upgrade to FortiAnalyzer version 6.2.12 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-40585?
CVE-2024-40585 is classified as a high severity vulnerability due to the potential exposure of sensitive information.
How do I fix CVE-2024-40585?
To fix CVE-2024-40585, update FortiAnalyzer and FortiManager to the recommended versions or later as specified in the advisory.
Which Fortinet products are affected by CVE-2024-40585?
CVE-2024-40585 affects various versions of FortiAnalyzer and FortiManager, specifically those below the specified remediation versions.
What kind of information can be retrieved due to CVE-2024-40585?
CVE-2024-40585 allows low privileged users to retrieve sensitive information such as certificate private keys and encrypted passwords from system logs.
Who is vulnerable to CVE-2024-40585?
Any organization using affected versions of FortiAnalyzer or FortiManager with low privileged access to the event log section is vulnerable to CVE-2024-40585.
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2024-40585
- agent/first-publish-date
- agent/title
- agent/softwarecombine
- collector/fortiguard-psirt
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/weakness
- agent/type
- agent/description
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/author
- agent/severity
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortianalyzer
- version/fortinet fortianalyzer/.
- version/fortinet fortianalyzer/7.2.0
- version/fortinet fortianalyzer/7.2.3
- version/fortinet fortianalyzer/7.0.0
- version/fortinet fortianalyzer/7.0.8
- version/fortinet fortianalyzer/6.4.0
- version/fortinet fortianalyzer/6.4.12
- version/fortinet fortianalyzer/6.2.0
- version/fortinet fortianalyzer/6.2.11
- canonical/fortinet fortimanager
- version/fortinet fortimanager/.
- version/fortinet fortimanager/7.2.0
- version/fortinet fortimanager/7.2.3
- version/fortinet fortimanager/7.0.0
- version/fortinet fortimanager/7.0.8
- version/fortinet fortimanager/6.4
- version/fortinet fortimanager/6.2