5.3

CVE-2024-52962

Medienbericht
An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.12 and below may allow an unauthenticated remote attacker to pollute the logs via crafted login requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortimanager Version >= 7.0.0 < 7.0.14
FortinetFortimanager Version >= 7.2.0 < 7.2.9
FortinetFortimanager Version >= 7.4.0 < 7.4.6
FortinetFortimanager Version >= 7.6.0 < 7.6.2
FortinetFortianalyzer Version >= 7.0.0 < 7.0.14
FortinetFortianalyzer Version >= 7.2.0 < 7.2.9
FortinetFortianalyzer Version >= 7.4.0 < 7.4.6
FortinetFortianalyzer Version >= 7.6.0 < 7.6.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.359
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@fortinet.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-117 Improper Output Neutralization for Logs

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://fortiguard.fortinet.com/psirt/FG-IR-24-453
Vendor Advisory