First published: Fri Mar 14 2025(Updated: )
An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiPortal | <7.2.5<7.0.9<6.0.16 |
Please upgrade to FortiPortal version 7.4.1 or above Please upgrade to FortiPortal version 7.2.5 or above Please upgrade to FortiPortal version 7.0.9 or above
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-40590 has been classified as a high severity vulnerability due to its potential impact on unauthorized access.
To fix CVE-2024-40590, upgrade your FortiPortal to version 7.2.5 or later, or version 7.0.9 or later, or version 6.0.16 or later.
CVE-2024-40590 affects FortiPortal versions 7.4.0, 7.2.4 and below, 7.0.8 and below, and 6.0.15 and below.
CVE-2024-40590 is an improper certificate validation vulnerability that can lead to man-in-the-middle attacks.
Yes, CVE-2024-40590 can potentially be exploited by unauthenticated attackers from remote locations.