CNNVD-202512-2200 Information

CNNVD ID

CNNVD-202512-2200

CVE-2024-40593

  • CNNVD Published: 2025-12-11

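Description (translated from Chinese)

Fortinet FortiOS and the other products listed here are made by Fortinet, a US company. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Multiple Fortinet products contain a cryptographic issue vulnerability that stems from a key management error and may allow an administrator to retrieve a certificate's private key. The following products and versions are affected: FortiAnalyzer versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, all versions of 7.0 and all versions of 6.4; FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, all versions of 7.0 and all versions of 6.4; FortiOS versions 7.6.0, 7.4.4, 7.2.7 and 7.0.14; FortiPortal, all versions of 6.0.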

Description (English)

Fortinet FortiOS and others are products of Fortinet. Fortinet FortiOS is a secure operating system dedicated to the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized cybersecurity reporting solution. Multiple Fortinet products have a cryptographic vulnerability that results from a key management error and may allow an administrator to retrieve a certificate's private key. The following products and versions are affected: FortiAnalyzer versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, all 7.0 versions and all 6.4 versions; FortiManager versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, all 7.0 versions and all 6.4 versions; FortiOS versions 7.6.0, 7.4.4, 7.2.7 and 7.0.14; and FortiPortal, all 6.0 versions.

Hazard Level

High

Vulnerability Type

Cryptographic issue

Affected Vendor

Fortinet

Published

2025-12-11

Last Modified

2026-02-24

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-133

https://vigilance.fr/vulnerability/FortiAnalyzer-FortiManager-FortiOS-information-disclosure-via-Private-Key-49034

Patch

https://fortiguard.fortinet.com/psirt/FG-IR-24-133
