CVE-2024-40593 - Vulnerability Details

Description

A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.

Published: 2025-12-11

Score: 5.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Fortinet

FortiAnalyzer

unaffected

Version	Status	Constraints
`7.4.0`	affected	≤ 7.4.2
`7.2.0`	affected	≤ 7.2.5
`7.0.0`	affected	≤ 7.0.15
`6.4.0`	affected	≤ 6.4.15

Fortinet

FortiPortal

unaffected

Version	Status	Constraints
`6.0.0`	affected	≤ 6.0.15

Fortinet

FortiOS

unaffected

Version	Status	Constraints
`7.6.0`	affected	—
`7.4.4`	affected	—
`7.2.7`	affected	—
`7.0.14`	affected	—

Fortinet

FortiManager

unaffected

Version	Status	Constraints
`7.4.0`	affected	≤ 7.4.2
`7.2.0`	affected	≤ 7.2.5
`7.0.0`	affected	≤ 7.0.15
`6.4.0`	affected	≤ 6.4.15

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::

Configuration 2 [-]

OR	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::

Configuration 3 [-]

OR	cpe:2.3:o:fortinet:fortios:7.0.14:::::::*
	cpe:2.3:o:fortinet:fortios:7.2.7:::::::*
	cpe:2.3:o:fortinet:fortios:7.4.4:::::::*
	cpe:2.3:o:fortinet:fortios:7.6.0:::::::*

Configuration 4 [-]

cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Upgrade to FortiAnalyzer version 7.6.0 or above Upgrade to FortiAnalyzer version 7.4.3 or above Upgrade to FortiAnalyzer version 7.2.6 or above Upgrade to FortiPortal version 7.0.0 or above Upgrade to FortiOS version 7.6.1 or above Upgrade to FortiOS version 7.4.5 or above Upgrade to FortiOS version 7.2.8 or above Upgrade to FortiOS version 7.0.15 or above Upgrade to FortiManager version 7.4.3 or above Upgrade to FortiManager version 7.2.6 or above

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://fortiguard.fortinet.com/psirt/FG-IR-24-133

History

Fri, 12 Dec 2025 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:fortinet:fortianalyzer:::::::: cpe:2.3:a:fortinet:fortimanager:::::::: cpe:2.3:a:fortinet:fortiportal::::::::

Thu, 11 Dec 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 11 Dec 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.
First Time appeared		Fortinet Fortinet fortianalyzer Fortinet fortimanager Fortinet fortios Fortinet fortiportal
Weaknesses		CWE-320
CPEs		cpe:2.3:a:fortinet:fortiportal:6.0.0:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.10:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.11:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.12:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.13:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.14:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.15:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.1:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.2:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.3:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.4:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.5:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.6:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.7:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.8:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.9:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.0:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.10:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.11:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.12:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.13:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.14:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.15:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.1:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.2:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.3:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.4:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.5:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.6:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.7:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.8:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.9:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.0:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.10:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.11:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.12:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.13:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.14:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.15:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.1:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.2:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.3:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.4:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.5:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.6:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.7:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.8:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.9:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.0:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.1:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.2:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.3:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.4:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.5:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.10:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.13:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.14:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.15:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.4:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.6:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.7:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.8:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.9:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.10:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.11:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.12:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.13:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.14:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.15:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.8:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.9:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.14:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.4.4:::::::* cpe:2.3:o:fortinet:fortios:7.6.0:::::::*
Vendors & Products		Fortinet Fortinet fortianalyzer Fortinet fortimanager Fortinet fortios Fortinet fortiportal
References		https://fortiguard.fortinet.com/psirt/FG-IR-24-133
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C'}`

Subscriptions

Fortinet Fortianalyzer Fortimanager Fortios Fortiportal

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2025-12-11T14:10:08.880Z

Updated: 2026-01-14T09:14:43.851Z

Reserved: 2024-07-05T11:55:50.011Z

Link: CVE-2024-40593

Vulnrichment

Updated: 2025-12-11T14:47:58.187Z

NVD

Status : Analyzed

Published: 2025-12-11T15:15:46.243

Modified: 2025-12-12T18:28:55.367

Link: CVE-2024-40593

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object