CVE-2024-52962

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-52962
An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.12 and below may allow an unauthenticated remote attacker to pollute the logs via crafted login requests.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-453 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
History

23 Jul 2025, 16:02

Type Values Removed Values Added
First Time Fortinet fortianalyzer
Fortinet
Fortinet fortimanager
CPE cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-453 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-453 - Vendor Advisory
Summary
  • (es) Una vulnerabilidad de neutralización de salida inadecuada para registros [CWE-117] en FortiAnalyzer versión 7.6.1 y anteriores, versión 7.4.5 y anteriores, versión 7.2.8 y anteriores, versión 7.0.13 y anteriores y FortiManager versión 7.6.1 y anteriores, versión 7.4.5 y anteriores, versión 7.2.8 y anteriores, versión 7.0.12 y anteriores puede permitir que un atacante remoto no autenticado contamine los registros a través de solicitudes de inicio de sesión manipuladas.

08 Apr 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-08 14:15

Updated : 2025-07-23 16:02

NVD link : CVE-2024-52962

Mitre link : CVE-2024-52962

CVE.ORG link : CVE-2024-52962

JSON object : View

Products Affected

fortinet

  • fortianalyzer
  • fortimanager
CWE
CWE-117

Improper Output Neutralization for Logs