CVE-2024-40590
4.8
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 / Impact: 2.5
Source: psirt@fortinet.com (Secondary)
Description
An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.
Affected (3)
Products: Fortinet: Fortiportal
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 6.0.0 to 7.0.9 |
References (1)
Timeline
No history available yet.