CVE-2024-40593

EUVD-2024-55320

11.12.2025, 15:15

A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
fortinet	CNA	5.9 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortianalyzer	6.4.0 ≤ 𝑥 < 7.2.6
fortinet	fortianalyzer	7.4.0 ≤ 𝑥 < 7.4.3
fortinet	fortimanager	6.4.0 ≤ 𝑥 < 7.2.6
fortinet	fortimanager	7.4.0 ≤ 𝑥 < 7.4.3
fortinet	fortios	7.0.14
fortinet	fortios	7.2.7
fortinet	fortios	7.4.4
fortinet	fortios	7.6.0
fortinet	fortiportal	6.0.0 ≤ 𝑥 ≤ 6.0.15

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-320 -

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-133