CVE-2024-52962

High Severity
SVRS: 52/100
CVSSv3: 5.3/10
EPSS: 0.00043/1

Alert: CVE-2024-52962 is a medium severity vulnerability affecting FortiAnalyzer and FortiManager. This Improper Output Neutralization vulnerability [CWE-117] allows an unauthenticated remote attacker to pollute logs through crafted login requests. Versions affected include FortiAnalyzer 7.6.1 and below, 7.4.5 and below, 7.2.8 and below, 7.0.13 and below, and FortiManager 7.6.1 and below, 7.4.5 and below, 7.2.8 and below, 7.0.12 and below. With a SOCRadar Vulnerability Risk Score (SVRS) of 52, this vulnerability is not considered critical, but requires monitoring. Successful exploitation can lead to log poisoning, potentially masking malicious activities and hindering incident response efforts. The presence of the 'In The Wild' tag suggests active exploitation, increasing the urgency of patching. Organizations using affected Fortinet products should apply the available patches to mitigate the risk. The relatively lower CVSS score of 5.3 may underestimate the true impact due to the subtle nature of log pollution.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2025-04-08

2025-04-08
SOCRadar
AI Insight

Description

CVE-2024-52962 is an Improper Output Neutralization for Logs vulnerability (CWE-117) affecting FortiAnalyzer and FortiManager. Specifically, versions 7.6.1 and below, 7.4.5 and below, 7.2.8 and below, and 7.0.13 (FortiAnalyzer) or 7.0.12 (FortiManager) and below are vulnerable. This flaw allows an unauthenticated remote attacker to pollute the logs via crafted login requests. Although the CVSS score is 5 (Medium Severity), the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower immediate risk compared to vulnerabilities with SVRS scores above 80. This vulnerability is actively exploited by hackers.

Key Insights

  1. Log Pollution: The primary impact of this vulnerability is log pollution. An attacker can inject arbitrary data into the logs, which can hinder incident response, forensic analysis, and compliance efforts. Over time, this can obscure genuine security events and make it more difficult to detect malicious activity.

  2. Unauthenticated Remote Access: The vulnerability can be exploited by an unauthenticated remote attacker, widening the attack surface and making it easier for malicious actors to target vulnerable systems. This ease of exploitation increases the likelihood of the vulnerability being leveraged.

  3. Affected Products and Versions: The vulnerability affects multiple versions of both FortiAnalyzer and FortiManager, increasing the potential number of affected organizations. Specifically, it impacts versions 7.6.1 and below, 7.4.5 and below, 7.2.8 and below, and 7.0.13 or 7.0.12 and below depending on whether the product is FortiAnalyzer or FortiManager, respectively.

  4. In The Wild: The vulnerability is actively exploited by hackers.

Mitigation Strategies

  1. Apply Patches/Upgrades: Immediately upgrade FortiAnalyzer and FortiManager to patched versions. This is the most effective way to remediate the vulnerability. Prioritize systems exposed to the internet.

  2. Log Monitoring and Alerting: Implement or enhance log monitoring and alerting capabilities. This will help in detecting anomalous activities caused by potential exploitation attempts. Focus on monitoring for unusual login request patterns and unexpected log entries.

  3. Web Application Firewall (WAF) Rules: Consider deploying custom WAF rules to filter out potentially malicious login requests targeting the vulnerable components. This can provide an additional layer of defense while waiting for patches or implementing other mitigations.
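
A generic illustration of the CWE-117 weakness class and its fix, added here as an example; it is not Fortinet code and does not reproduce the FortiAnalyzer/FortiManager log format. The record layout, function names and sample values are assumptions. It shows a login-failure record built with and without neutralization of the user-supplied field, plus a check that monitoring or request filtering can apply to the same field.

```python
import re

# Characters that can terminate or visually split a line-oriented log record.
_CONTROL = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")

def neutralize(value: str, max_len: int = 64) -> str:
    """Make an untrusted field safe to embed in a quoted, one-line log record."""
    value = value[:max_len]                                  # bound field size
    value = value.replace("\\", "\\\\").replace('"', '\\"')  # keep quoting unambiguous
    return _CONTROL.sub(lambda m: "\\u%04x" % ord(m.group()), value)

def log_login_failure(user: str, src: str, safe: bool = True) -> str:
    """Build one login-failure record (hypothetical format, assumed for this example)."""
    field = neutralize(user) if safe else user
    return f'event=login_failed user="{field}" src={src}'

def has_control_chars(value: str) -> bool:
    """Detection/filter check: a login name should never contain these characters."""
    return _CONTROL.search(value) is not None

# Constructed sample: a login name carrying a line break and a forged record.
CRAFTED_USER = 'bob"\nevent=login_ok user="admin'

if __name__ == "__main__":
    # Without neutralization the single event is written as two log lines.
    print(log_login_failure(CRAFTED_USER, "192.0.2.10", safe=False))
    # With neutralization it stays one line and the line break is visible as \u000a.
    print(log_login_failure(CRAFTED_USER, "192.0.2.10"))
    print("flag for review:", has_control_chars(CRAFTED_USER))
```

The same `has_control_chars` test is a reasonable basis for an alert on login fields while patching is in progress.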

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

Fortinet plugs security holes in several products - heise online
2025-04-09
Fortinet has released security updates for numerous products. One of the vulnerabilities is considered a critical risk, while two others have a "high" threat level.

The most serious is a security gap in Fortiswitches, which allows attackers to change admin passwords with specially prepared requests from the network without authentication (CVE-2024-48887, CVSS 9.3, risk "critical"). The gap is closed by software versions 6.4.15, 7.0.11, 7.2.9, 7.4.5 or 7.6.1 and newer.

Fortinet: High-risk gaps

In addition, there are insufficient restrictions on desired endpoints in communication channels
google.com
CVE-2024-52962 | Fortinet FortiAnalyzer/FortiManager Login neutralization for logs (FG-IR-24-453)
vuldb.com, 2025-04-08
A vulnerability classified as problematic was found in Fortinet FortiAnalyzer and FortiManager. Affected by this vulnerability is an unknown functionality of the component Login Handler. The manipulation leads to improper output neutralization for logs. This vulnerability is known as CVE-2024-52962. The attack can be launched remotely. There is no

Social Media

CVE-2024-52962 An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version… https://t.co/2Tjj0wvZQ2

Affected Software

No affected software found for this CVE

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-453

CWE Details

CWE ID: CWE-117
CWE Name: Improper Output Neutralization for Logs
Description: The software does not neutralize or incorrectly neutralizes output that is written to logs.
