CNNVD-202512-1246 Information
CNNVD ID
CNNVD-202512-1246
Related CVE
-
CNNVD Published: 2025-12-09
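Description (translated from Chinese)
Fortinet FortiOS and the other products named here are all products of Fortinet, a US company. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiPAM is a platform for privileged access control. Fortinet FortiSRA is secure remote access software. Multiple Fortinet products contain a log information disclosure vulnerability, which stems from the insertion of sensitive information into log files and may lead to the disclosure of API tokens. The following products and versions are affected: FortiOS 7.4.0 to 7.4.3 and 7.2.0 to 7.2.7, FortiProxy 7.4.0 to 7.4.3 and 7.2.0 to 7.2.11, FortiPAM 1.4 to 1.0, and FortiSRA 1.4.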
Description (English)
Fortinet FortiOS and others are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiPAM is a platform for privileged access control. Fortinet FortiSRA is secure remote access software. Multiple Fortinet products have a log information disclosure vulnerability, which results from the insertion of sensitive information into log files and may lead to the disclosure of API tokens. The following products and versions are affected: FortiOS version 7.4.0 to 7.4.3 and version 7.2.0 to 7.2.7, FortiProxy version 7.4.0 to 7.4.3 and version 7.2.0 to 7.2.11, FortiPAM version 1.4 to 1.0, and FortiSRA version 1.4.
Hazard Level
High
Vulnerability Type
Log information disclosure
Affected Vendor
Fortinet
Published
2025-12-09
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-268
https://vigilance.fr/vulnerability/FortiOS-logged-sensitive-information-via-REST-API-49035
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-24-268