{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-47570","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2024-09-27T16:19:24.136Z","datePublished":"2025-12-09T17:20:42.499Z","dateUpdated":"2026-02-26T16:56:58.331Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiSASE","cpes":["cpe:2.3:a:fortinet:fortisase:24.1.10:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"24.1.10","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.4.0","lessThanOrEqual":"7.4.3","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.11","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSRA","cpes":["cpe:2.3:a:fortinet:fortisra:1.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"1.4.0","lessThanOrEqual":"1.4.3","status":"affected"}]},{"vendor":"Fortinet","product":"FortiPAM","cpes":["cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"1.4.0","lessThanOrEqual":"1.4.3","status":"affected"},{"versionType":"semver","version":"1.3.0","lessThanOrEqual":"1.3.1","status":"affected"},{"version":"1.2.0","status":"affected"},{"versionType":"semver","version":"1.1.0","lessThanOrEqual":"1.1.2","status":"affected"},{"versionType":"semver","version":"1.0.0","lessThanOrEqual":"1.0.3","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","cpes":["cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.4.0","lessThanOrEqual":"7.4.3","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.7","status":"affected"},{"versionType":"semver","version":"7.0.4","lessThanOrEqual":"7.0.18","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration)."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-01-14T09:18:59.532Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-532","description":"Escalation of privilege","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Fortinet remediated this issue in FortiSASE version 24.1.c and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.4.4 or above\nUpgrade to FortiProxy version 7.2.12 or above\nUpgrade to FortiSRA version 1.6.0 or above\nUpgrade to FortiSRA version 1.5.0 or above\nUpgrade to FortiPAM version 1.6.0 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.4 or above\nUpgrade to FortiOS version 7.2.8 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-24-268","url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-268"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-47570","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-12-10T04:57:25.858238Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T16:56:58.331Z"}}]}}