Page 2 of 9 results (0.017 seconds)

CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. Un control de acceso incorrecto en Fortinet FortiSwitchManager, versiones 7.2.0 a 7.2.2 y versiones 7.0.0 a 7.0.1, puede permitir que un usuario remoto autenticado con permisos de solo lectura modifique la configuración de la interfaz a través de la API. • https://fortiguard.com/psirt/FG-IR-22-174 • CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-393 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-391 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVSS: 9.8EPSS: 97%CPEs: 6EXPL: 23

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. Una omisión de autenticación usando una ruta o canal alternativo [CWE-288] en Fortinet FortiOS versión versiones 7.2.0 hasta 7.2.1 y 7.0.0 hasta 7.0.6, FortiProxy versión 7.2.0 y versiones 7.0.0 hasta 7.0.6 y FortiSwitchManager versión 7.2.0 y 7.0.0, permite a un atacante no autenticado llevar a cabo operaciones en la interfaz administrativa por medio de peticiones HTTP o HTTPS especialmente diseñadas Fortinet FortiOS, FortiProxy, and FortiSwitchManager version 7.2.1 suffers from a authentication bypass vulnerability. Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. • https://www.exploit-db.com/exploits/51092 https://github.com/horizon3ai/CVE-2022-40684 https://github.com/carlosevieira/CVE-2022-40684 https://github.com/HAWA771/CVE-2022-40684 https://github.com/hughink/CVE-2022-40684 https://github.com/secunnix/CVE-2022-40684 https://github.com/kljunowsky/CVE-2022-40684-POC https://github.com/TaroballzChen/CVE-2022-40684-metasploit-scanner https://github.com/mohamedbenchikh/CVE-2022-40684 https://github.com/qingsiweisan/CVE-2022-40684 https:&#x • CWE-287: Improper Authentication •