CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-42786
https://notcve.org/view.php?id=CVE-2023-42786
14 Jan 2025 — A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. • https://fortiguard.fortinet.com/psirt/FG-IR-23-293 • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-42785
https://notcve.org/view.php?id=CVE-2023-42785
14 Jan 2025 — A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. • https://fortiguard.fortinet.com/psirt/FG-IR-23-293 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 9CVE-2024-55591 – Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-55591
14 Jan 2025 — An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows... • https://github.com/watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 3.7EPSS: 0%CPEs: 14EXPL: 0CVE-2024-52963
https://notcve.org/view.php?id=CVE-2024-52963
14 Jan 2025 — A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets. • https://fortiguard.fortinet.com/psirt/FG-IR-24-373 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2024-26011
https://notcve.org/view.php?id=CVE-2024-26011
12 Nov 2024 — A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-032 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-33510
https://notcve.org/view.php?id=CVE-2024-33510
12 Nov 2024 — An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests. An improper neutralization of special elements in output used by a... • https://fortiguard.fortinet.com/psirt/FG-IR-24-033 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-50176
https://notcve.org/view.php?id=CVE-2023-50176
12 Nov 2024 — A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link. • https://fortiguard.fortinet.com/psirt/FG-IR-23-475 • CWE-384: Session Fixation •
CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45862
https://notcve.org/view.php?id=CVE-2022-45862
13 Aug 2024 — An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials. • https://fortiguard.com/psirt/FG-IR-22-445 • CWE-613: Insufficient Session Expiration •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36505
https://notcve.org/view.php?id=CVE-2024-36505
13 Aug 2024 — An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system. • https://fortiguard.fortinet.com/psirt/FG-IR-24-012 • CWE-284: Improper Access Control •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26015
https://notcve.org/view.php?id=CVE-2024-26015
09 Jul 2024 — An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-446 • CWE-1389: Incorrect Parsing of Numbers with Different Radices •