CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-21757
https://notcve.org/view.php?id=CVE-2024-21757
13 Aug 2024 — A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup. • https://fortiguard.fortinet.com/psirt/FG-IR-23-467 • CWE-620: Unverified Password Change •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-41842
https://notcve.org/view.php?id=CVE-2023-41842
12 Mar 2024 — A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. Un uso de... • https://fortiguard.com/psirt/FG-IR-23-304 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-44253
https://notcve.org/view.php?id=CVE-2023-44253
15 Feb 2024 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. Una exposición de información confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en Fortinet FortiManager versión 7.4.0 a 7.4.1 y ante... • https://fortiguard.com/psirt/FG-IR-23-268 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •