CVE-2024-40585 Information

Description

An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0 version 7.2.3 and below version 7.0.8 and below version 6.4.12 and below version 6.2.11 and below and FortiAnalyzer version 7.4.0 version 7.2.3 and below version 7.0.8 and below version 6.4.12 and below version 6.2.11 and below eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-24-311