CVSS: 4.7EPSS: 0%CPEs: 99EXPL: 0CVE-2022-23439
https://notcve.org/view.php?id=CVE-2022-23439
22 Jan 2025 — A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.... • https://fortiguard.com/psirt/FG-IR-21-254 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50563
https://notcve.org/view.php?id=CVE-2024-50563
16 Jan 2025 — A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. Una autenticación débil en Fortinet FortiManager Cloud, FortiAnalyzer versiones 7.6.0 a 7.6.1, 7.4.1 a 7.4.3, FortiAnalyzer Cloud versiones 7.4.1 a ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-221 • CWE-1390: Weak Authentication •
CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45331
https://notcve.org/view.php?id=CVE-2024-45331
16 Jan 2025 — A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands • https://fortiguard.fortinet.com/psirt/FG-IR-24-127 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-32115
https://notcve.org/view.php?id=CVE-2024-32115
14 Jan 2025 — A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-097 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47571
https://notcve.org/view.php?id=CVE-2024-47571
14 Jan 2025 — An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials. • https://fortiguard.fortinet.com/psirt/FG-IR-24-239 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35277
https://notcve.org/view.php?id=CVE-2024-35277
14 Jan 2025 — A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets • https://fortiguard.fortinet.com/psirt/FG-IR-24-135 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2024-33502
https://notcve.org/view.php?id=CVE-2024-33502
14 Jan 2025 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-33503
https://notcve.org/view.php?id=CVE-2024-33503
14 Jan 2025 — A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands • https://fortiguard.fortinet.com/psirt/FG-IR-24-127 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-48884
https://notcve.org/view.php?id=CVE-2024-48884
14 Jan 2025 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiRecorder versions 7.2.0 throu... • https://fortiguard.fortinet.com/psirt/FG-IR-24-259 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35273
https://notcve.org/view.php?id=CVE-2024-35273
14 Jan 2025 — A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-106 • CWE-787: Out-of-bounds Write •