CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21761
https://notcve.org/view.php?id=CVE-2024-21761
12 Mar 2024 — An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. Una vulnerabilidad de autorización inadecuada [CWE-285] en los informes de FortiPortal versión 7.2.0 y versiones 7.0.6 e inferiores puede permitir a un usuario descargar informes de otras organizaciones mediante modificaciones en el payload de la solicitud. • https://fortiguard.com/psirt/FG-IR-24-016 • CWE-285: Improper Authorization •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-41842
https://notcve.org/view.php?id=CVE-2023-41842
12 Mar 2024 — A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. Un uso de... • https://fortiguard.com/psirt/FG-IR-23-304 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-36554
https://notcve.org/view.php?id=CVE-2023-36554
12 Mar 2024 — A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. Un control de acceso inadecuado en Fortinet FortiManager versión 7.4.0, versión 7.2.0 a 7.2.3, versión 7.0.0 a 7.0.10, versión 6.4.0 a 6.4.13, 6.2 todas las versiones permite a un atacante ejecutar código o comandos no autorizados a través de sol... • https://fortiguard.com/psirt/FG-IR-23-103 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-29180
https://notcve.org/view.php?id=CVE-2023-29180
22 Feb 2024 — A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests. Una desreferencia de puntero nulo en Fortinet FortiOS versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.... • https://fortiguard.com/psirt/FG-IR-23-111 • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29179
https://notcve.org/view.php?id=CVE-2023-29179
22 Feb 2024 — A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests. Una desreferencia de puntero nulo en Fortinet FortiOS versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, Fortiproxy versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.10 permite atacante a la denegación de servicio a través de solicitudes HTTP especialmente manipuladas... • https://fortiguard.com/psirt/FG-IR-23-125 • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2023-29181
https://notcve.org/view.php?id=CVE-2023-29181
22 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command. Un uso de cadena de formato controlada externamente en Fortinet FortiOS 7.2.0 a 7... • https://fortiguard.com/psirt/FG-IR-23-119 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-42791
https://notcve.org/view.php?id=CVE-2023-42791
20 Feb 2024 — A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Un path traversal relativo en Fortinet FortiManager versión 7.4.0 y 7.2.0 a 7.2.3 y 7.0.0 a 7.0.8 y 6.4.0 a 6.4.12 y 6.2.0 a 6.2.11 permite al atacante ejecutar código no autorizado o comandos a través de solicitudes HTTP manipuladas. • https://github.com/synacktiv/CVE-2023-42791_CVE-2024-23666 • CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 3%CPEs: 11EXPL: 10CVE-2024-23113 – Fortinet Multiple Products Format String Vulnerability
https://notcve.org/view.php?id=CVE-2024-23113
15 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. Un uso de cadena de formato controlada externamente en Fortinet Fo... • https://github.com/zgimszhd61/CVE-2024-23113 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-47537
https://notcve.org/view.php?id=CVE-2023-47537
15 Feb 2024 — An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. Una vulnerabilidad de validación de certificado incorrecta en Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 y 7.4.0 - 7.4.1 permite que un atacante remoto y no autenticado realice un ataque Man-in-the-Middle en... • https://fortiguard.com/psirt/FG-IR-23-301 • CWE-295: Improper Certificate Validation •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-44253
https://notcve.org/view.php?id=CVE-2023-44253
15 Feb 2024 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. Una exposición de información confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en Fortinet FortiManager versión 7.4.0 a 7.4.1 y ante... • https://fortiguard.com/psirt/FG-IR-23-268 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •