CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 0CVE-2024-32117
https://notcve.org/view.php?id=CVE-2024-32117
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-115 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40592
https://notcve.org/view.php?id=CVE-2024-40592
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. • https://fortiguard.fortinet.com/psirt/FG-IR-24-022 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36507
https://notcve.org/view.php?id=CVE-2024-36507
A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering. • https://fortiguard.fortinet.com/psirt/FG-IR-24-205 • CWE-426: Untrusted Search Path •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-33510
https://notcve.org/view.php?id=CVE-2024-33510
An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-033 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-50176
https://notcve.org/view.php?id=CVE-2023-50176
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link. • https://fortiguard.fortinet.com/psirt/FG-IR-23-475 • CWE-384: Session Fixation •