CVE-2024-47569

EUVD-2024-55033

14.10.2025, 16:15

A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
fortinet	CNA	4.2 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortimail	7.0.0 ≤ 𝑥 < 7.2.7
fortinet	fortimail	7.4.0 ≤ 𝑥 < 7.4.3
fortinet	fortimanager	7.4.1 ≤ 𝑥 < 7.4.4
fortinet	fortimanager	7.6.0 ≤ 𝑥 < 7.6.2
fortinet	fortimanager_cloud	7.4.1 ≤ 𝑥 < 7.4.4
fortinet	fortindr	1.5.0 ≤ 𝑥 < 7.4.9
fortinet	fortindr	7.6.0 ≤ 𝑥 ≤ 7.6.2
fortinet	fortios	6.0.0 ≤ 𝑥 < 6.4.16
fortinet	fortios	7.0.0 ≤ 𝑥 < 7.0.16
fortinet	fortios	7.2.0 ≤ 𝑥 < 7.2.9
fortinet	fortios	7.4.0 ≤ 𝑥 < 7.4.5
fortinet	fortios	7.6.0
fortinet	fortipam	1.0.0 ≤ 𝑥 ≤ 1.3.1
fortinet	fortiproxy	1.0.0 ≤ 𝑥 < 7.2.11
fortinet	fortiproxy	7.4.0 ≤ 𝑥 < 7.4.5
fortinet	fortirecorder	7.0.0 ≤ 𝑥 < 7.0.5
fortinet	fortirecorder	7.2.0 ≤ 𝑥 < 7.2.2
fortinet	fortisase	24.3.20
fortinet	fortitester	4.2.0 ≤ 𝑥 < 7.4.3
fortinet	fortivoice	6.0.7 ≤ 𝑥 < 6.4.10
fortinet	fortivoice	7.0.0 ≤ 𝑥 < 7.0.5
fortinet	fortiweb	6.4.0 ≤ 𝑥 < 7.4.5
fortinet	fortiweb	7.6.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-201 - Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-228