CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-48886
https://notcve.org/view.php?id=CVE-2024-48886
14 Jan 2025 — A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. • https://fortiguard.fortinet.com/psirt/FG-IR-24-221 • CWE-1390: Weak Authentication •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-48884
https://notcve.org/view.php?id=CVE-2024-48884
14 Jan 2025 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiRecorder versions 7.2.0 throu... • https://fortiguard.fortinet.com/psirt/FG-IR-24-259 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46668
https://notcve.org/view.php?id=CVE-2024-46668
14 Jan 2025 — An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads. • https://fortiguard.fortinet.com/psirt/FG-IR-24-219 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-46715
https://notcve.org/view.php?id=CVE-2023-46715
14 Jan 2025 — An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets. • https://fortiguard.com/psirt/FG-IR-23-407 • CWE-346: Origin Validation Error •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-42786
https://notcve.org/view.php?id=CVE-2023-42786
14 Jan 2025 — A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. • https://fortiguard.fortinet.com/psirt/FG-IR-23-293 • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-42785
https://notcve.org/view.php?id=CVE-2023-42785
14 Jan 2025 — A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. • https://fortiguard.fortinet.com/psirt/FG-IR-23-293 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-46670
https://notcve.org/view.php?id=CVE-2024-46670
14 Jan 2025 — An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests. An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthe... • https://fortiguard.fortinet.com/psirt/FG-IR-24-266 • CWE-125: Out-of-bounds Read •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46669
https://notcve.org/view.php?id=CVE-2024-46669
14 Jan 2025 — An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash t... • https://fortiguard.fortinet.com/psirt/FG-IR-24-267 • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.7EPSS: 0%CPEs: 14EXPL: 0CVE-2024-52963
https://notcve.org/view.php?id=CVE-2024-52963
14 Jan 2025 — A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets. • https://fortiguard.fortinet.com/psirt/FG-IR-24-373 • CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46665
https://notcve.org/view.php?id=CVE-2024-46665
14 Jan 2025 — An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-326 • CWE-201: Insertion of Sensitive Information Into Sent Data •