CVE-2024-23110
https://notcve.org/view.php?id=CVE-2024-23110
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands Un desbordamiento de búfer basado en pila en Fortinet FortiOS versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, 6.0 todas las versiones permiten al atacante ejecutar código o comandos no autorizados mediante comandos especialmente manipulados • https://fortiguard.com/psirt/FG-IR-23-460 • CWE-121: Stack-based Buffer Overflow •
CVE-2023-36640
https://notcve.org/view.php?id=CVE-2023-36640
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands Un uso de cadena de formato controlada externamente en las versiones Fortinet FortiProxy 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1. 6, 1.0.0 a 1.0.7, versiones de FortiPAM 1.0.0 a 1.0.3, versiones de FortiOS 7.2.0, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, 6.0.0 a 6.0.16 permite al atacante ejecutar código o comandos no autorizados mediante comandos especialmente manipulados • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVE-2023-45583
https://notcve.org/view.php?id=CVE-2023-45583
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests. Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.5, 7.0.0 a 7.0.11, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1. 6 Versiones de FortiPAM 1.1.0, 1.0.0 a 1.0.3 Versiones de FortiOS 7.4.0, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2. 15 Las versiones 7.2.0 a 7.2.2, 7.0.0 a 7.0.2 de FortiSwitchManager permiten a un atacante ejecutar código o comandos no autorizados a través de comandos cli y solicitudes http especialmente manipulados. • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVE-2023-44247
https://notcve.org/view.php?id=CVE-2023-44247
A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. Una doble vulnerabilidad gratuita [CWE-415] en Fortinet FortiOS anterior a 7.0.0 puede permitir a un atacante privilegiado ejecutar código o comandos a través de solicitudes HTTP o HTTPs manipuladas. • https://fortiguard.com/psirt/FG-IR-23-195 • CWE-415: Double Free •
CVE-2023-45586
https://notcve.org/view.php?id=CVE-2023-45586
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets. Una verificación insuficiente de la vulnerabilidad de autenticidad de datos [CWE-345] en Fortinet FortiOS SSL-VPN modo túnel versión 7.4.0 a 7.4.1, versión 7.2.0 a 7.2.7 y anteriores a 7.0.12 y versión de modo túnel FortiProxy SSL-VPN 7.4.0 a 7.4.1, versión 7.2.0 a 7.2.7 y anteriores a 7.0.13 permiten que un usuario de VPN autenticado envíe (pero no reciba) paquetes que falsifiquen la IP de otro usuario a través de paquetes de red manipulados. • https://fortiguard.com/psirt/FG-IR-23-225 • CWE-345: Insufficient Verification of Data Authenticity •