Fortinet FortiAnalyzer and FortiManager Improper Output Neutralization for Logs Vulnerability

Vulnerability

An improper output neutralization for logs vulnerability has been identified in Fortinet FortiAnalyzer and FortiManager. The affected versions are FortiAnalyzer 7.6.1 and prior, 7.4.5 and prior, 7.2.8 and prior, and 7.0.13 and prior, and FortiManager 7.6.1 and prior, 7.4.5 and prior, 7.2.8 and prior, and 7.0.12 and prior. The vulnerability could allow an unauthenticated remote attacker to manipulate the logs by sending crafted login requests.

Impact

Exploitation of this vulnerability could lead to log pollution, where an attacker could inject misleading or false information into the system logs.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.