CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-45583
https://notcve.org/view.php?id=CVE-2023-45583
14 May 2024 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http req... • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2023-29181
https://notcve.org/view.php?id=CVE-2023-29181
22 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command. Un uso de cadena de formato controlada externamente en Fortinet FortiOS 7.2.0 a 7... • https://fortiguard.com/psirt/FG-IR-23-119 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23438
https://notcve.org/view.php?id=CVE-2022-23438
18 Jul 2022 — An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. Una neutralización inapropiada de la entrada durante la generación de la página web ("Cross-site Scripting") [CWE-79] vulnerabilidad en FortiOS versión 7.0.5 y anteriores y 6.4.9 y anterior... • https://fortiguard.com/psirt/FG-IR-21-057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 1CVE-2021-44168 – Fortinet FortiOS Arbitrary File Download
https://notcve.org/view.php?id=CVE-2021-44168
04 Jan 2022 — A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. Una vulnerabilidad de descarga de código sin comprobación de integridad en el comando "execute restore src-vis" de FortiOS versiones anteriores a 7.0.3, puede permitir a un atacante local autenticado descargar archivos arbitrarios en el dispositivo por medio de paquet... • https://github.com/0xhaggis/CVE-2021-44168 • CWE-494: Download of Code Without Integrity Check •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-24018
https://notcve.org/view.php?id=CVE-2021-24018
04 Aug 2021 — A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image. Una vulnerabilidad de subescritura del búfer en la rutina de verificación del firmware de FortiOS versiones anteriores a 7.0.1, puede permitir a un atacante ubicado en la red adyacente ejecutar potencialmente código arbitrario por medio de una imagen de firmware específicamente dis... • https://fortiguard.com/advisory/FG-IR-21-046 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 0CVE-2019-17656
https://notcve.org/view.php?id=CVE-2019-17656
12 Apr 2021 — A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en el demonio HTTPD de FortiOS version... • https://fortiguard.com/advisory/FG-IR-19-248 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15938
https://notcve.org/view.php?id=CVE-2020-15938
04 Mar 2021 — When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. Cuando el tráfico que no es HTTP/S (por ejemplo: tráfico SSH, etc.) atraviesa el FortiGate en versiones inferiores a 6.2.5 y por debajo de 6.4.2 en el puerto 80/443, no se redirecciona hacia la política de proxy transparente para su procesamiento, ya que no presenta ... • https://fortiguard.com/advisory/FG-IR-20-172 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6648
https://notcve.org/view.php?id=CVE-2020-6648
21 Oct 2020 — A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. Un vulnerabilidad almacenamiento de información confidencial en texto sin cifrar en la interfaz de línea de comandos de FortiOS en las versiones 6.2.4 y anteriores y Forti... • https://www.fortiguard.com/psirt/FG-IR-20-009 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 0CVE-2020-12818
https://notcve.org/view.php?id=CVE-2020-12818
24 Sep 2020 — An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. Una vulnerabilidad de registro insuficiente en FortiGate versiones anteriores a 6.4.1, puede permitir que el tráfico de un atacante no autenticado hacia direcciones IP propiedad de Fortinet pase desapercibido. • https://fortiguard.com/advisory/FG-IR-20-033 •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-5591 – Fortinet FortiOS Default Configuration Vulnerability
https://notcve.org/view.php?id=CVE-2019-5591
14 Aug 2020 — A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. Una vulnerabilidad de Configuración Predeterminada en FortiOS puede permitir a un atacante no autenticado en la misma subred interceptar información confidencial al hacerse pasar por el servidor LDAP. Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to interce... • https://www.fortiguard.com/psirt/FG-IR-19-037 • CWE-306: Missing Authentication for Critical Function •