CVE-2024-47569

Summary

A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiManager Cloud7.4.1 <= 7.4.3affected
FortinetFortiTester7.4.0 <= 7.4.2affected
FortinetFortiTester7.3.0 <= 7.3.2affected
FortinetFortiTester7.2.0 <= 7.2.3affected
FortinetFortiTester7.1.0 <= 7.1.1affected
FortinetFortiTester7.0.0affected
FortinetFortiTester4.2.0 <= 4.2.1affected
FortinetFortiNDR7.6.0 <= 7.6.1affected
FortinetFortiNDR7.4.0 <= 7.4.8affected
FortinetFortiNDR7.2.0 <= 7.2.5affected
FortinetFortiNDR7.1.0 <= 7.1.1affected
FortinetFortiNDR7.0.0 <= 7.0.7affected
FortinetFortiNDR1.5.0 <= 1.5.3affected
FortinetFortiManager7.4.1 <= 7.4.3affected
FortinetFortiPAM1.3.0 <= 1.3.1affected
FortinetFortiPAM1.2.0affected
FortinetFortiPAM1.1.0 <= 1.1.2affected
FortinetFortiPAM1.0.0 <= 1.0.3affected
FortinetFortiOS7.6.0affected
FortinetFortiOS7.4.0 <= 7.4.4affected
FortinetFortiOS7.2.0 <= 7.2.8affected
FortinetFortiOS7.0.0 <= 7.0.15affected
FortinetFortiOS6.4.0 <= 6.4.15affected
FortinetFortiRecorder7.2.0 <= 7.2.1affected
FortinetFortiRecorder7.0.0 <= 7.0.4affected
FortinetFortiProxy7.4.0 <= 7.4.4affected
FortinetFortiProxy7.2.0 <= 7.2.10affected
FortinetFortiProxy7.0.0 <= 7.0.23affected
FortinetFortiMail7.4.0 <= 7.4.2affected
FortinetFortiMail7.2.0 <= 7.2.6affected
FortinetFortiMail7.0.0 <= 7.0.9affected
FortinetFortiWeb7.6.0affected
FortinetFortiWeb7.4.0 <= 7.4.4affected
FortinetFortiWeb7.2.0 <= 7.2.12affected
FortinetFortiWeb7.0.0 <= 7.0.12affected
FortinetFortiWeb6.4.0 <= 6.4.3affected
FortinetFortiVoice7.0.0 <= 7.0.4affected
FortinetFortiVoice6.4.0 <= 6.4.9affected
FortinetFortiVoice6.0.7 <= 6.0.12affected

Weaknesses

  • CWE-201: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References