VYPR
Unrated severityNVD Advisory· Published Mar 14, 2025· Updated Mar 14, 2025

CVE-2024-40590

CVE-2024-40590

Description

An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Fortinet/Fortiportalllm-fuzzy2 versions
    <=7.4.0 (7.4.0; 7.2.4 and below; 7.0.8 and below; 6.0.15 and below)+ 1 more
    • (no CPE)range: <=7.4.0 (7.4.0; 7.2.4 and below; 7.0.8 and below; 6.0.15 and below)
    • (no CPE)range: 7.4.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.