vulnerability
Fortinet FortiAnalyzer: Information Exposure Through Log Files (CVE-2024-40585)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:C/I:N/A:N) | Mar 14, 2025 | Jul 25, 2025 | Aug 1, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published
Mar 14, 2025
Added
Jul 25, 2025
Modified
Aug 1, 2025
Description
An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log.
Solutions
fortinet-fortianalyzer-upgrade-6_2_12fortinet-fortianalyzer-upgrade-6_4_13fortinet-fortianalyzer-upgrade-7_0_9fortinet-fortianalyzer-upgrade-7_2_4
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.