CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-32117
https://notcve.org/view.php?id=CVE-2024-32117
12 Nov 2024 — An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-115 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 87%CPEs: 6EXPL: 15CVE-2024-47575 – Fortinet FortiManager Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2024-47575
23 Oct 2024 — A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests. A missing auth... • https://packetstorm.news/files/id/182936 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-44254
https://notcve.org/view.php?id=CVE-2023-44254
10 Sep 2024 — An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request. Una vulnerabilidad de omisión de autorización a través de una clave controlada por el usuario [CWE-639] en FortiAnalyzer versión 7.4.1 y anteriores a 7.2.5 y FortiManager versión 7.4.1 y anteriores a 7.2.5 puede permitir que un atacante remo... • https://fortiguard.com/psirt/FG-IR-23-204 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-41842
https://notcve.org/view.php?id=CVE-2023-41842
12 Mar 2024 — A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. Un uso de... • https://fortiguard.com/psirt/FG-IR-23-304 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-36554
https://notcve.org/view.php?id=CVE-2023-36554
12 Mar 2024 — A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. Un control de acceso inadecuado en Fortinet FortiManager versión 7.4.0, versión 7.2.0 a 7.2.3, versión 7.0.0 a 7.0.10, versión 6.4.0 a 6.4.13, 6.2 todas las versiones permite a un atacante ejecutar código o comandos no autorizados a través de sol... • https://fortiguard.com/psirt/FG-IR-23-103 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-42791
https://notcve.org/view.php?id=CVE-2023-42791
20 Feb 2024 — A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Un path traversal relativo en Fortinet FortiManager versión 7.4.0 y 7.2.0 a 7.2.3 y 7.0.0 a 7.0.8 y 6.4.0 a 6.4.12 y 6.2.0 a 6.2.11 permite al atacante ejecutar código no autorizado o comandos a través de solicitudes HTTP manipuladas. • https://fortiguard.com/psirt/FG-IR-23-189 • CWE-23: Relative Path Traversal •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-44253
https://notcve.org/view.php?id=CVE-2023-44253
15 Feb 2024 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. Una exposición de información confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en Fortinet FortiManager versión 7.4.0 a 7.4.1 y ante... • https://fortiguard.com/psirt/FG-IR-23-268 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-41679
https://notcve.org/view.php?id=CVE-2023-41679
10 Oct 2023 — An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs Una vulnerabilidad de control de acceso inadecuado [CWE-284] en la interfaz de administración de FortiManager 7.2.0 a 7.2.2, 7.0.0 a 7.0.7, 6.... • https://fortiguard.com/psirt/FG-IR-23-062 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2023-25607
https://notcve.org/view.php?id=CVE-2023-25607
10 Oct 2023 — An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least ... • https://fortiguard.com/psirt/FG-IR-22-352 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-41838
https://notcve.org/view.php?id=CVE-2023-41838
10 Oct 2023 — An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en FortiManager 7.4.0 y 7.2.0 a 7.2.3 puede permitir que un atacante ejecute código o comandos no autorizados a través de FortiManager cli. • https://fortiguard.com/psirt/FG-IR-23-169 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •