CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-36640
https://notcve.org/view.php?id=CVE-2023-36640
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands Un uso de cadena de formato controlada externamente en las versiones Fortinet FortiProxy 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1. 6, 1.0.0 a 1.0.7, versiones de FortiPAM 1.0.0 a 1.0.3, versiones de FortiOS 7.2.0, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, 6.0.0 a 6.0.16 permite al atacante ejecutar código o comandos no autorizados mediante comandos especialmente manipulados • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2023-45583
https://notcve.org/view.php?id=CVE-2023-45583
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests. Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.5, 7.0.0 a 7.0.11, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1. 6 Versiones de FortiPAM 1.1.0, 1.0.0 a 1.0.3 Versiones de FortiOS 7.4.0, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2. 15 Las versiones 7.2.0 a 7.2.2, 7.0.0 a 7.0.2 de FortiSwitchManager permiten a un atacante ejecutar código o comandos no autorizados a través de comandos cli y solicitudes http especialmente manipulados. • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-41677
https://notcve.org/view.php?id=CVE-2023-41677
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack Credenciales insuficientemente protegidas en Fortinet FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6 , 1.0.0 a 1.0.7, Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15 , 6.0.0 a 6.0.17 permite al atacante ejecutar código o comandos no autorizados mediante un ataque de ingeniería social dirigido • https://fortiguard.com/psirt/FG-IR-23-493 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-29180
https://notcve.org/view.php?id=CVE-2023-29180
A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests. Una desreferencia de puntero nulo en Fortinet FortiOS versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.0.16, FortiProxy 7.2 .0 a 7.2.3, 7.0.0 a 7.0.10, 2.0.0 a 2.0.12, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7 permite al atacante negar del servicio a través de solicitudes HTTP especialmente manipuladas. • https://fortiguard.com/psirt/FG-IR-23-111 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0CVE-2023-29181
https://notcve.org/view.php?id=CVE-2023-29181
A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command. Un uso de cadena de formato controlada externamente en Fortinet FortiOS 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.0.16 , FortiProxy 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, 2.0.0 a 2.0.12, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7, FortiPAM 1.0.0 a 1.0.3 permite a un atacante ejecutar código o comandos no autorizados mediante un comando especialmente manipulado. • https://fortiguard.com/psirt/FG-IR-23-119 • CWE-134: Use of Externally-Controlled Format String •