CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-31488
https://notcve.org/view.php?id=CVE-2024-31488
14 May 2024 — An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests. Una neutralización inadecuada de entradas durante la vulnerabilidad de generación de páginas web [CWE-79] en FortiNAC versión 9.4.0 a 9.4.4, 9.... • https://fortiguard.com/psirt/FG-IR-24-040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31491
https://notcve.org/view.php?id=CVE-2024-31491
14 May 2024 — A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. Una aplicación del lado del cliente de la seguridad del lado del servidor en Fortinet FortiSandbox versión 4.4.0 a 4.4.4 y 4.2.0 a 4.2.6 permite al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP. • https://fortiguard.com/psirt/FG-IR-24-054 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31492
https://notcve.org/view.php?id=CVE-2024-31492
10 Apr 2024 — An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. Un control externo de la vulnerabilidad de nombre de archivo o ruta [CWE-73] en FortiClientMac versión 7.2.3 y anteriores, versión 7.0.10 y el instalador inferior puede permitir a un atacante local ejecutar códig... • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21755
https://notcve.org/view.php?id=CVE-2024-21755
09 Apr 2024 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiSandbox versión 4.4.0 a 4.4.3 y 4.2.0 a 4.2.6 y 4.0.0 a 4.0.4 permite al ... • https://fortiguard.com/psirt/FG-IR-23-489 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48784
https://notcve.org/view.php?id=CVE-2023-48784
09 Apr 2024 — A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests. El uso de una vulnerabilidad de cadena de formato controlada externamente [CWE-134] en FortiOS versión 7.4.1 e inferior, versión 7.2.7 e inferior, versión 7.0.14 e inferior, ve... • https://fortiguard.com/psirt/FG-IR-23-413 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-47542
https://notcve.org/view.php?id=CVE-2023-47542
09 Apr 2024 — A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates. Una neutralización inadecuada de elementos especiales utilizados en un motor de plantillas [CWE-1336] en FortiManager versiones 7.4.1 e inferiores, versiones 7.2.4 e inferiores, y 7.0.10 e inferiores permite al atacante ejecutar código o comandos no ... • https://fortiguard.com/psirt/FG-IR-23-419 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21756
https://notcve.org/view.php?id=CVE-2024-21756
09 Apr 2024 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiSandbox versión 4.4.0 a 4.4.3 y 4.2.0 a 4.2.6 y 4.0.0 a 4.0.4 permite al ... • https://fortiguard.com/psirt/FG-IR-23-489 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-47540
https://notcve.org/view.php?id=CVE-2023-47540
09 Apr 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allows attacker to execute unauthorized code or commands via CLI. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiSandbox versión 4.4.0 a 4.4.2 y 4.... • https://fortiguard.com/psirt/FG-IR-23-411 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-31487
https://notcve.org/view.php?id=CVE-2024-31487
09 Apr 2024 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests. Una limitación inadecuada de un nombre de ruta a un directorio restringido ("path traversal") en Fortinet FortiSandbox versión 4.4.0 a 4.... • https://fortiguard.com/psirt/FG-IR-24-060 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0CVE-2023-41677
https://notcve.org/view.php?id=CVE-2023-41677
09 Apr 2024 — A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack Credenciales insuficientemente protegidas en Fortinet FortiProxy 7.4.0, ... • https://fortiguard.com/psirt/FG-IR-23-493 • CWE-522: Insufficiently Protected Credentials •