FortiMail: cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 throug…
Summary
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
- FortiMail 7.6: 7.6.0 through 7.6.2
- FortiMail 7.4: 7.4.0 through 7.4.4
- FortiMail 7.2: 7.2.0 through 7.2.7
- FortiMail 7.0: 7.0.0 through 7.0.8
- FortiRecorder 7.2: 7.2.0 through 7.2.3
- FortiRecorder 7.0: 7.0 all versions
- FortiRecorder 6.4: 6.4 all versions
- FortiVoice 7.2: 7.2.0
- FortiVoice 7.0: 7.0.0 through 7.0.6
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- FortiMail 7.6: 7.6.3
- FortiMail 7.4: 7.4.5
- FortiMail 7.2: 7.2.8
- FortiMail 7.0: 7.0.9
- FortiRecorder 7.2: 7.2.4
- FortiRecorder 7.0: migrate to a fixed release
- FortiRecorder 6.4: migrate to a fixed release
- FortiVoice 7.2: 7.2.1
- FortiVoice 7.0: 7.0.7
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade per the Affected/Solution table: FortiMail 7.6: 7.6.3; FortiMail 7.4: 7.4.5; FortiMail 7.2: 7.2.8; FortiMail 7.0: 7.0.9; FortiRecorder 7.2: 7.2.4; ….
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.