CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-23110
https://notcve.org/view.php?id=CVE-2024-23110
11 Jun 2024 — A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands Un desbordamiento de búfer basado en pila en Fortinet FortiOS versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, 6.0 todas las versiones permiten al atacante ejecutar código o comandos no autorizados median... • https://fortiguard.com/psirt/FG-IR-23-460 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-36640
https://notcve.org/view.php?id=CVE-2023-36640
14 May 2024 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands Un uso de cadena de formato controlada externamente en las versiones... • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-45583
https://notcve.org/view.php?id=CVE-2023-45583
14 May 2024 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http req... • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0CVE-2023-41677
https://notcve.org/view.php?id=CVE-2023-41677
09 Apr 2024 — A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack Credenciales insuficientemente protegidas en Fortinet FortiProxy 7.4.0, ... • https://fortiguard.com/psirt/FG-IR-23-493 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-29180
https://notcve.org/view.php?id=CVE-2023-29180
22 Feb 2024 — A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests. Una desreferencia de puntero nulo en Fortinet FortiOS versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.... • https://fortiguard.com/psirt/FG-IR-23-111 • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2023-29181
https://notcve.org/view.php?id=CVE-2023-29181
22 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command. Un uso de cadena de formato controlada externamente en Fortinet FortiOS 7.2.0 a 7... • https://fortiguard.com/psirt/FG-IR-23-119 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 91%CPEs: 9EXPL: 8CVE-2024-21762 – Fortinet FortiOS Out-of-Bound Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-21762
09 Feb 2024 — A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests Una escritura fuera de los límites en Fortinet FortiOS versiones 7.4.0 ... • https://packetstorm.news/files/id/177602 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-36639
https://notcve.org/view.php?id=CVE-2023-36639
13 Dec 2023 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, versiones de... • https://fortiguard.com/psirt/FG-IR-23-138 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-28002
https://notcve.org/view.php?id=CVE-2023-28002
14 Nov 2023 — An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. Una vulnerabilidad de validación inadecuada del valor de verificación de integridad [CWE-354] en FortiOS 7.2.0 a 7.2.3, ... • https://fortiguard.com/psirt/FG-IR-22-396 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-36641
https://notcve.org/view.php?id=CVE-2023-36641
14 Nov 2023 — A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests. Un error de truncamient... • https://fortiguard.com/psirt/FG-IR-23-151 • CWE-197: Numeric Truncation Error •