
PEACH
Un framework di isolamento del tenant
CVE-2024-47569 is an Insertion of Sensitive Information Into Sent Data vulnerability affecting multiple Fortinet products' csfd daemon. The vulnerability was discovered internally by Gwendal Guégniaud of Fortinet Product Security team and disclosed on October 14, 2025. The affected products include FortiManager, FortiMail, FortiNDR, FortiOS, FortiPAM, FortiProxy, FortiRecorder, FortiTester, FortiVoice, and FortiWeb across various versions (Fortinet Advisory).
The vulnerability allows a remote authenticated attacker to read small and non-arbitrary parts of memory through the csfd daemon. The severity is rated as Medium with a CVSS v3.1 Base Score of 4.2 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). The vulnerability is classified under CWE-201 (Insertion of Sensitive Information Into Sent Data) (Fortinet Advisory, NVD).
The vulnerability could lead to information disclosure, potentially exposing sensitive data from memory. While the impact is limited to small and non-arbitrary parts of memory, it still presents a security risk for affected systems (Fortinet Advisory).
Fortinet has released patches for affected versions and recommends upgrading to the fixed versions. For example, FortiOS 7.6.0 users should upgrade to 7.6.1 or above, FortiMail 7.4.0-7.4.2 users should upgrade to 7.4.3 or above, and FortiManager 7.6.0-7.6.1 users should upgrade to 7.6.2 or above. For systems running end-of-life versions, migration to a supported version is recommended. Users can follow the recommended upgrade path using Fortinet's upgrade tool at https://docs.fortinet.com/upgrade-tool (Fortinet Advisory).
Fonte: Questo report è stato generato utilizzando l'intelligenza artificiale
Valutazione gratuita delle vulnerabilità
Valuta le tue pratiche di sicurezza cloud in 9 domini di sicurezza per confrontare il tuo livello di rischio e identificare le lacune nelle tue difese.
Richiedi una demo personalizzata
"La migliore esperienza utente che abbia mai visto offre piena visibilità ai carichi di lavoro cloud."
"Wiz fornisce un unico pannello di controllo per vedere cosa sta succedendo nei nostri ambienti cloud."
"Sappiamo che se Wiz identifica qualcosa come critico, in realtà lo è."