CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-42791
https://notcve.org/view.php?id=CVE-2023-42791
20 Feb 2024 — A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Un path traversal relativo en Fortinet FortiManager versión 7.4.0 y 7.2.0 a 7.2.3 y 7.0.0 a 7.0.8 y 6.4.0 a 6.4.12 y 6.2.0 a 6.2.11 permite al atacante ejecutar código no autorizado o comandos a través de solicitudes HTTP manipuladas. • https://fortiguard.com/psirt/FG-IR-23-189 • CWE-23: Relative Path Traversal •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-44253
https://notcve.org/view.php?id=CVE-2023-44253
15 Feb 2024 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. Una exposición de información confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en Fortinet FortiManager versión 7.4.0 a 7.4.1 y ante... • https://fortiguard.com/psirt/FG-IR-23-268 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-40719
https://notcve.org/view.php?id=CVE-2023-40719
14 Nov 2023 — A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. Un uso de vulnerabilidad de credenciales codificadas en Fortinet FortiAnalyzer y FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 y 7.4.0 permite a un atacante acceder a datos de pruebas privados de Fortinet mediante el uso de credenciales estáticas. • https://fortiguard.com/psirt/FG-IR-23-177 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 1CVE-2023-44256
https://notcve.org/view.php?id=CVE-2023-44256
20 Oct 2023 — A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. Una vulnerabilidad de server-side request forgery [CWE-918] en Fortinet FortiAnalyzer versión 7.4.0, versión 7.2.0 a 7.2.3 y anteriores a 7.0.8 y Fo... • https://fortiguard.com/psirt/FG-IR-19-039 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-41679
https://notcve.org/view.php?id=CVE-2023-41679
10 Oct 2023 — An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs Una vulnerabilidad de control de acceso inadecuado [CWE-284] en la interfaz de administración de FortiManager 7.2.0 a 7.2.2, 7.0.0 a 7.0.7, 6.... • https://fortiguard.com/psirt/FG-IR-23-062 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2023-25607
https://notcve.org/view.php?id=CVE-2023-25607
10 Oct 2023 — An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least ... • https://fortiguard.com/psirt/FG-IR-22-352 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-41838
https://notcve.org/view.php?id=CVE-2023-41838
10 Oct 2023 — An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en FortiManager 7.4.0 y 7.2.0 a 7.2.3 puede permitir que un atacante ejecute código o comandos no autorizados a través de FortiManager cli. • https://fortiguard.com/psirt/FG-IR-23-169 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-42788
https://notcve.org/view.php?id=CVE-2023-42788
10 Oct 2023 — An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando de... • https://fortiguard.com/psirt/FG-IR-23-167 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-42787
https://notcve.org/view.php?id=CVE-2023-42787
10 Oct 2023 — A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. Una vulnerabilidad de aplicación de seguridad del lado del servidor [CWE-602] en Fortinet FortiManager versión 7.4.0 y anteriores a 7.2.3 y FortiAnalyzer versión 7.4.0 y anteriores a 7.2.3 puede permitir que un atacant... • https://fortiguard.com/psirt/FG-IR-23-187 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-44249
https://notcve.org/view.php?id=CVE-2023-44249
10 Oct 2023 — An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. Una vulnerabilidad de omisión de autorización a través de clave controlada por el usuario [CWE-639] en Fortinet FortiManager versión 7.4.0 y anteriores a 7.2.3 y FortiAnalyzer versión 7.4.0 y anteriores a 7.2.3 permite a un ataca... • https://fortiguard.com/psirt/FG-IR-23-201 • CWE-639: Authorization Bypass Through User-Controlled Key •