CVE-2024-52966

Summary

An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAnalyzer7.6.0affected
FortinetFortiAnalyzer7.4.0 <= 7.4.4affected
FortinetFortiAnalyzer7.2.0 <= 7.2.7affected
FortinetFortiAnalyzer7.0.0 <= 7.0.13affected
FortinetFortiAnalyzer6.4.0 <= 6.4.15affected

Weaknesses

  • CWE-200: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References