CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-54021
https://notcve.org/view.php?id=CVE-2024-54021
14 Jan 2025 — An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header. • https://fortiguard.fortinet.com/psirt/FG-IR-24-282 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-48886
https://notcve.org/view.php?id=CVE-2024-48886
14 Jan 2025 — A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. • https://fortiguard.fortinet.com/psirt/FG-IR-24-221 • CWE-1390: Weak Authentication •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-48884
https://notcve.org/view.php?id=CVE-2024-48884
14 Jan 2025 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiRecorder versions 7.2.0 throu... • https://fortiguard.fortinet.com/psirt/FG-IR-24-259 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-46715
https://notcve.org/view.php?id=CVE-2023-46715
14 Jan 2025 — An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets. • https://fortiguard.com/psirt/FG-IR-23-407 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-46670
https://notcve.org/view.php?id=CVE-2024-46670
14 Jan 2025 — An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests. An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthe... • https://fortiguard.fortinet.com/psirt/FG-IR-24-266 • CWE-125: Out-of-bounds Read •
CVSS: 3.7EPSS: 0%CPEs: 14EXPL: 0CVE-2024-52963
https://notcve.org/view.php?id=CVE-2024-52963
14 Jan 2025 — A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets. • https://fortiguard.fortinet.com/psirt/FG-IR-24-373 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2024-26011
https://notcve.org/view.php?id=CVE-2024-26011
12 Nov 2024 — A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-032 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-33510
https://notcve.org/view.php?id=CVE-2024-33510
12 Nov 2024 — An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests. An improper neutralization of special elements in output used by a... • https://fortiguard.fortinet.com/psirt/FG-IR-24-033 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26015
https://notcve.org/view.php?id=CVE-2024-26015
09 Jul 2024 — An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-446 • CWE-1389: Incorrect Parsing of Numbers with Different Radices •
CVSS: 7.6EPSS: 0%CPEs: 18EXPL: 0CVE-2024-26010
https://notcve.org/view.php?id=CVE-2024-26010
11 Jun 2024 — A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 throu... • https://fortiguard.fortinet.com/psirt/FG-IR-24-036 • CWE-121: Stack-based Buffer Overflow •