CVEFinder.io

CVE-2024-47569

🔶 medium
🔍 Scan for this CVE
Summary

A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.

Description

A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.

CVSS Score
4.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2025-10-14
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 5.4% of all 326,604 vulnerabilities in our database.

#308,897
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Oct 16, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-01-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-201

📦 Affected Products 23

Vendor Product Status Affected Versions
fortinet fortios Affected
≥ 6.0.0 < 6.4.16
fortinet fortios Affected
≥ 7.0.0 < 7.0.16
fortinet fortios Affected
≥ 7.2.0 < 7.2.9
fortinet fortios Affected
≥ 7.4.0 < 7.4.5
fortinet fortios Affected
v7.6.0
fortinet fortiweb Affected
≥ 6.4.0 < 7.4.5
fortinet fortiweb Affected
v7.6.0
fortinet fortimail Affected
≥ 7.0.0 < 7.2.7
fortinet fortimail Affected
≥ 7.4.0 < 7.4.3
fortinet fortimanager Affected
≥ 7.4.1 < 7.4.4
fortinet fortimanager Affected
≥ 7.6.0 < 7.6.2
fortinet fortivoice Affected
≥ 6.0.7 < 6.4.10
fortinet fortivoice Affected
≥ 7.0.0 < 7.0.5
fortinet fortitester Affected
≥ 4.2.0 < 7.4.3
fortinet fortiproxy Affected
≥ 1.0.0 < 7.2.11
fortinet fortiproxy Affected
≥ 7.4.0 < 7.4.5
fortinet fortipam Affected
≥ 1.0.0 ≤ 1.3.1
fortinet fortindr Affected
≥ 1.5.0 < 7.4.9
fortinet fortindr Affected
≥ 7.6.0 ≤ 7.6.2
fortinet fortimanager_cloud Affected
≥ 7.4.1 < 7.4.4
fortinet fortirecorder Affected
≥ 7.0.0 < 7.0.5
fortinet fortirecorder Affected
≥ 7.2.0 < 7.2.2
fortinet fortisase Affected
v24.3.20

🔗 References 1

https://fortiguard.fortinet.com/psirt/FG-IR-24-228
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-53844 ⚠️ high 8.8 0.0 A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 ... 2026-05-12
CVE-2025-53681 ⚠️ high 7.2 0.0 An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerab... 2026-05-12
CVE-2025-67604 🔶 medium 5.3 0.1 A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0... 2026-05-12
CVE-2026-25088 🔶 medium 5.4 0.0 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiN... 2026-05-12
CVE-2025-53847 🔶 medium 6.5 0.0 A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 thro... 2026-04-14
CVE-2026-39811 🔶 medium 4.9 0.1 A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, F... 2026-04-14
These CVEs affect the same products