CVE-2024-47569
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-14

Last updated on: 2025-10-15

Assigner: Fortinet, Inc.

Description
A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, FortiOS 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, 6.0.0 through 6.0.18, FortiWeb 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.11, 7.0.0 through 7.0.11, 6.4.0 through 6.4.3, FortiRecorder 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiNDR 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.5, 7.1.0 through 7.1.1, 7.0.0 through 7.0.7, 1.5.0 through 1.5.3, FortiPAM 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiTester 7.4.0 through 7.4.2, 7.3.0 through 7.3.2, 7.2.0 through 7.2.3, 7.1.0 through 7.1.1, 7.0.0, 4.2.0 through 4.2.1, FortiProxy 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.21, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager 7.6.0 through 7.6.1, 7.4.1 through 7.4.3 allows attacker to disclose sensitive information via specially crafted packets.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-14
Last Modified
2025-10-15
Generated
2026-05-07
AI Q&A
2025-10-14
EPSS Evaluated
2026-05-05
NVD
CVE-2024-47569
Affected Vendors & Products
Showing 23 associated CPEs
Vendor Product Version / Range
fortinet fortiproxy From 7.6.0 (inc) to 7.6.4 (inc)
fortinet fortios From 7.4.0 (inc) to 7.4.9 (inc)
fortinet fortios From 7.4.0 (inc) to 7.4.9 (inc)
fortinet fortimail From 7.0.0 (inc) to 7.2.7 (exc)
fortinet fortimail From 7.4.0 (inc) to 7.4.3 (exc)
fortinet fortimanager From 7.4.1 (inc) to 7.4.4 (exc)
fortinet fortimanager From 7.6.0 (inc) to 7.6.2 (exc)
fortinet fortimanager_cloud From 7.4.1 (inc) to 7.4.4 (exc)
fortinet fortindr From 1.5.0 (inc) to 7.4.9 (exc)
fortinet fortindr From 7.6.0 (inc) to 7.6.2 (inc)
fortinet fortios From 7.4.0 (inc) to 7.4.9 (inc)
fortinet fortios From 7.4.0 (inc) to 7.4.9 (inc)
fortinet fortios 7.6.0
fortinet fortipam From 1.0.0 (inc) to 1.3.1 (inc)
fortinet fortiproxy From 7.6.0 (inc) to 7.6.4 (inc)
fortinet fortirecorder From 7.0.0 (inc) to 7.0.5 (exc)
fortinet fortirecorder From 7.2.0 (inc) to 7.2.2 (exc)
fortinet fortisase 24.3.20
fortinet fortitester From 4.2.0 (inc) to 7.4.3 (exc)
fortinet fortivoice From 6.0.7 (inc) to 6.4.10 (exc)
fortinet fortivoice From 7.0.0 (inc) to 7.0.5 (exc)
fortinet fortiweb From 6.4.0 (inc) to 7.4.5 (exc)
fortinet fortiweb 7.6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the insertion of sensitive information into sent data in various Fortinet products, including FortiManager Cloud, FortiVoice, FortiMail, FortiOS, FortiWeb, FortiRecorder, FortiNDR, FortiPAM, FortiTester, FortiProxy, and others. An attacker can exploit this by sending specially crafted packets to these affected versions, which allows them to disclose sensitive information.


How can this vulnerability impact me? :

The vulnerability can lead to the disclosure of sensitive information to an attacker. This means that confidential data handled by the affected Fortinet products could be exposed, potentially compromising security and privacy.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart