Filtered by vendor Fortinet
Subscribe
Total
735 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-42790 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-03-19 | N/A | 8.1 HIGH |
A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
CVE-2023-36554 | 1 Fortinet | 1 Fortimanager | 2024-03-15 | N/A | 9.8 CRITICAL |
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
CVE-2023-42789 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-03-15 | N/A | 9.8 CRITICAL |
A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
CVE-2023-47534 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-03-15 | N/A | 8.8 HIGH |
A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets. | |||||
CVE-2024-23112 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-03-15 | N/A | 4.3 MEDIUM |
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation. | |||||
CVE-2023-44253 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-03-11 | N/A | 5.0 MEDIUM |
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. | |||||
CVE-2023-26206 | 1 Fortinet | 1 Fortinac | 2024-03-01 | N/A | 6.1 MEDIUM |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | |||||
CVE-2024-23109 | 1 Fortinet | 1 Fortisiem | 2024-02-28 | N/A | 9.8 CRITICAL |
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | |||||
CVE-2024-23108 | 1 Fortinet | 1 Fortisiem | 2024-02-28 | N/A | 9.8 CRITICAL |
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | |||||
CVE-2023-34991 | 1 Fortinet | 1 Fortiwlm | 2024-02-28 | N/A | 9.8 CRITICAL |
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request. | |||||
CVE-2023-41673 | 1 Fortinet | 1 Fortiadc | 2024-02-28 | N/A | 5.4 MEDIUM |
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests. | |||||
CVE-2023-44248 | 1 Fortinet | 1 Fortiedr | 2024-02-28 | N/A | 5.5 MEDIUM |
An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service. | |||||
CVE-2023-33304 | 1 Fortinet | 1 Forticlient | 2024-02-28 | N/A | 5.5 MEDIUM |
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | |||||
CVE-2023-41676 | 1 Fortinet | 1 Fortisiem | 2024-02-28 | N/A | 6.5 MEDIUM |
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. | |||||
CVE-2023-48783 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | N/A | 5.4 MEDIUM |
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. | |||||
CVE-2023-46712 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | N/A | 8.8 HIGH |
A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | |||||
CVE-2023-29177 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2024-02-28 | N/A | 6.7 MEDIUM |
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. | |||||
CVE-2023-40719 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-02-28 | N/A | 5.5 MEDIUM |
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | |||||
CVE-2023-28002 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-02-28 | N/A | 6.7 MEDIUM |
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | |||||
CVE-2023-36553 | 1 Fortinet | 1 Fortisiem | 2024-02-28 | N/A | 9.8 CRITICAL |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests. |