Key Management Errors in Fortinet FortiAnalyzer and FortiManager Products
CVE-2024-40593

5.9 MEDIUM

Key Information:

Vendor: Fortinet

CVE Published: 11 December 2025

What is CVE-2024-40593?

A vulnerability has been identified in Fortinet's FortiAnalyzer and FortiManager products, stemming from key management errors that may allow an authenticated administrator to access a certificate's private key through the device's administrative shell. This flaw affects multiple versions of FortiAnalyzer and FortiManager, as well as FortiOS and FortiPortal products, posing risks related to sensitive information exposure.

Affected Version(s)

FortiAnalyzer 7.4.0 <= 7.4.2

FortiAnalyzer 7.2.0 <= 7.2.5

FortiAnalyzer 7.0.0 <= 7.0.15

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
