Sensitive Information Exposure in FortiOS by Fortinet
CVE-2024-46665

Currently unrated

Key Information:

Vendor: Fortinet
Status: FortiOS
Vendor: CVE Published:; 14 January 2025

Summary

A vulnerability exists in FortiOS versions 7.6.0 and 7.4.0 through 7.4.4, where an attacker positioned in a man-in-the-middle attack could potentially intercept accounting requests. This may lead to the unintended exposure of the RADIUS accounting server shared secret, compromising the security of sensitive data. Organizations using affected versions should take immediate action to secure their systems against possible exploitation.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-326

Timeline

Vulnerability published
Jan 14, 2025