CVE-2024-46665

Published: Jan 14, 2025Modified: Jan 31, 2025

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.

Affected (2)

Products: Fortinet: Fortios

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 7.4.0 to 7.4.5
Fortinet Fortios	Version 7.6.0

Related CWEs

Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-326

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.