Fortinet Forti* - Sensitive Data Disclosure via Crafted Packets (v<=7.6)
CVE-2024-47569 Published on October 14, 2025

A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.

NVD

Vulnerability Analysis

CVE-2024-47569 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).

Products Associated with CVE-2024-47569

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-47569 are published in these products:

Fortinet Fortivoice

Fortinet FortiManager

Fortinet Fortirecorder

Fortinet FortiOS

Fortinet Fortipam

Fortinet Fortitester

Fortinet Fortimail

Fortinet Fortimanagercloud

Fortinet Fortindr

Fortinet FortiProxy

Fortinet FortiWeb

Affected Versions

Fortinet FortiManager Cloud:

Version 7.4.1, <= 7.4.3 is affected.

Fortinet FortiTester:

Version 7.4.0, <= 7.4.2 is affected.
Version 7.3.0, <= 7.3.2 is affected.
Version 7.2.0, <= 7.2.3 is affected.
Version 7.1.0, <= 7.1.1 is affected.
Version 7.0.0 is affected.
Version 4.2.0, <= 4.2.1 is affected.

Fortinet FortiNDR:

Version 7.6.0, <= 7.6.1 is affected.
Version 7.4.0, <= 7.4.8 is affected.
Version 7.2.0, <= 7.2.5 is affected.
Version 7.1.0, <= 7.1.1 is affected.
Version 7.0.0, <= 7.0.7 is affected.
Version 1.5.0, <= 1.5.3 is affected.

Fortinet FortiManager:

Version 7.4.1, <= 7.4.3 is affected.

Fortinet FortiPAM:

Version 1.3.0, <= 1.3.1 is affected.
Version 1.2.0 is affected.
Version 1.1.0, <= 1.1.2 is affected.
Version 1.0.0, <= 1.0.3 is affected.

Fortinet FortiOS:

Version 7.6.0 is affected.
Version 7.4.0, <= 7.4.4 is affected.
Version 7.2.0, <= 7.2.8 is affected.
Version 7.0.0, <= 7.0.15 is affected.
Version 6.4.0, <= 6.4.15 is affected.

Fortinet FortiRecorder:

Version 7.2.0, <= 7.2.1 is affected.
Version 7.0.0, <= 7.0.4 is affected.

Fortinet FortiProxy:

Version 7.4.0, <= 7.4.4 is affected.
Version 7.2.0, <= 7.2.10 is affected.
Version 7.0.0, <= 7.0.23 is affected.

Fortinet FortiMail:

Version 7.4.0, <= 7.4.2 is affected.
Version 7.2.0, <= 7.2.6 is affected.
Version 7.0.0, <= 7.0.9 is affected.

Fortinet FortiWeb:

Version 7.6.0 is affected.
Version 7.4.0, <= 7.4.4 is affected.
Version 7.2.0, <= 7.2.12 is affected.
Version 7.0.0, <= 7.0.12 is affected.
Version 6.4.0, <= 6.4.3 is affected.

Fortinet FortiVoice:

Version 7.0.0, <= 7.0.4 is affected.
Version 6.4.0, <= 6.4.9 is affected.
Version 6.0.7, <= 6.0.12 is affected.

Exploit Probability

EPSS

0.01%

Percentile

0.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Fortinet Forti* - Sensitive Data Disclosure via Crafted Packets (v<=7.6)CVE-2024-47569 Published on October 14, 2025

Vulnerability Analysis

Weakness Type

Insertion of Sensitive Information Into Sent Data

Products Associated with CVE-2024-47569

Affected Versions

Exploit Probability

Fortinet Forti* - Sensitive Data Disclosure via Crafted Packets (v<=7.6)
CVE-2024-47569 Published on October 14, 2025