Filtered by vendor Fortinet
Subscribe
Total
974 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45583 | 1 Fortinet | 4 Fortios, Fortipam, Fortiproxy and 1 more | 2024-05-23 | N/A | 7.2 HIGH |
| A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests. | |||||
| CVE-2023-45586 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-05-23 | N/A | 5.0 MEDIUM |
| An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets. | |||||
| CVE-2023-46714 | 1 Fortinet | 1 Fortios | 2024-05-23 | N/A | 7.2 HIGH |
| A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests. | |||||
| CVE-2023-50180 | 1 Fortinet | 1 Fortiadc | 2024-05-23 | N/A | 5.5 MEDIUM |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins. | |||||
| CVE-2024-23105 | 1 Fortinet | 1 Fortiportal | 2024-05-23 | N/A | 7.5 HIGH |
| A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets. | |||||
| CVE-2023-47537 | 1 Fortinet | 1 Fortios | 2024-05-21 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. | |||||
| CVE-2023-46717 | 1 Fortinet | 1 Fortios | 2024-03-21 | N/A | 8.8 HIGH |
| An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts. | |||||
| CVE-2024-21761 | 1 Fortinet | 1 Fortiportal | 2024-03-21 | N/A | 4.3 MEDIUM |
| An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. | |||||
| CVE-2023-42790 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-03-19 | N/A | 8.1 HIGH |
| A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2023-36554 | 1 Fortinet | 1 Fortimanager | 2024-03-15 | N/A | 9.8 CRITICAL |
| A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2023-42789 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-03-15 | N/A | 9.8 CRITICAL |
| A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2023-47534 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-03-15 | N/A | 8.8 HIGH |
| A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets. | |||||
| CVE-2024-23112 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-03-15 | N/A | 4.3 MEDIUM |
| An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation. | |||||
| CVE-2023-44253 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-03-11 | N/A | 5.0 MEDIUM |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. | |||||
| CVE-2023-26206 | 1 Fortinet | 1 Fortinac | 2024-03-01 | N/A | 6.1 MEDIUM |
| An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | |||||
| CVE-2023-45581 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-02-20 | N/A | 7.2 HIGH |
| An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. | |||||
| CVE-2024-23109 | 1 Fortinet | 1 Fortisiem | 2024-02-07 | N/A | 9.8 CRITICAL |
| An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | |||||
| CVE-2024-23108 | 1 Fortinet | 1 Fortisiem | 2024-02-07 | N/A | 9.8 CRITICAL |
| An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | |||||
| CVE-2023-37932 | 1 Fortinet | 1 Fortivoice | 2024-01-18 | N/A | 6.5 MEDIUM |
| An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests | |||||
| CVE-2022-27488 | 1 Fortinet | 6 Fortiai, Fortimail, Fortindr and 3 more | 2024-01-18 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests. | |||||