Fortinet FortiManager
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*
- >= 7.2.3, <= 7.2.3
- 7.4.0
- >= 7.0.8, <= 7.0.8
- >= 6.4.12, <= 6.4.12
- >= 6.2.11, <= 6.2.11
A vulnerability allowing the insertion of sensitive information into log files has been identified in Fortinet FortiManager and FortiAnalyzer. This issue affects FortiManager versions 7.4.0, 7.2.3 and below, 7.0.8 and below, 6.4.12 and below, and 6.2.11 and below, as well as FortiAnalyzer versions 7.4.0, 7.2.3 and below, 7.0.8 and below, 6.4.12 and below, and 6.2.11 and below. The vulnerability may allow any low-privileged user with access to the event log section to retrieve logged certificate private keys and encrypted passwords from the system log.
Exploitation of this vulnerability could lead to unauthorized access to certificate private keys and encrypted passwords, allowing for potential further exploitation or unauthorized actions within the affected system.