Unrated severityNVD Advisory· Published Mar 14, 2025· Updated Mar 14, 2025
CVE-2024-40590
CVE-2024-40590
Description
An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=7.4.0 (7.4.0; 7.2.4 and below; 7.0.8 and below; 6.0.15 and below)+ 1 more
- (no CPE)range: <=7.4.0 (7.4.0; 7.2.4 and below; 7.0.8 and below; 6.0.15 and below)
- (no CPE)range: 7.4.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.