CVE-2024-40585: 
Fortinet FortiManager vulnerability analysis and mitigation

CVE-2024-40585 is a vulnerability discovered in FortiAnalyzer and FortiManager products, classified as an insertion of sensitive information into log file vulnerability [CWE-532]. The vulnerability was initially published on February 11, 2025, and affects multiple versions of FortiAnalyzer (from 6.2.0 through 7.4.0) and FortiManager (from 6.2 through 7.4.0). This security flaw was internally discovered and reported by June Li from Fortinet's QA team and Goutham Dhongadi from Fortinet's FortiGuard Labs (Fortinet PSIRT).

The vulnerability is categorized as a medium severity issue with a CVSSv3 score of 5.9. It specifically affects the eventlog component of both FortiAnalyzer and FortiManager systems, where sensitive information such as certificate private keys and encrypted passwords are inappropriately logged as system log entries. This vulnerability allows any low-privileged user with access to the event log section to retrieve these sensitive credentials (Fortinet PSIRT, NVD).

The primary impact of this vulnerability is information disclosure, potentially exposing sensitive security credentials. Any low-privileged user with access to the event log section can retrieve certificate private keys and encrypted passwords that are logged as system logs. This exposure could lead to unauthorized access to systems and potential compromise of secured communications (Fortinet PSIRT).

Fortinet has released patches for affected versions and recommends the following upgrade paths: For FortiAnalyzer - upgrade to version 7.4.1 or above for 7.4.x, 7.2.4 or above for 7.2.x, 7.0.9 or above for 7.0.x, 6.4.13 or above for 6.4.x, and 6.2.12 or above for 6.2.x. For FortiManager - upgrade to version 7.4.1 or above for 7.4.x, 7.2.4 or above for 7.2.x, 7.0.9 or above for 7.0.x, and migrate to a fixed release for versions 6.4 and 6.2 (Fortinet PSIRT).