CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23662
https://notcve.org/view.php?id=CVE-2024-23662
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests. La exposición de información confidencial a un actor no autorizado en Fortinet FortiOS al menos en la versión 7.4.0 a 7.4.1 y 7.2.0 a 7.2.5 y 7.0.0 a 7.0.15 y 6.4.0 a 6.4.15 permite al atacante a la divulgación de información a través de solicitudes HTTP. • https://fortiguard.com/psirt/FG-IR-23-224 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-46717
https://notcve.org/view.php?id=CVE-2023-46717
An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts. Una vulnerabilidad de autenticación incorrecta [CWE-287] en las versiones 7.4.1 y anteriores de FortiOS, las versiones 7.2.6 y siguientes y las versiones 7.0.12 y siguientes cuando se configura con FortiAuthenticator en HA puede permitir que un usuario de solo lectura obtenga acceso de lectura y escritura a través de intentos sucesivos de inicio de sesión. • https://fortiguard.com/psirt/FG-IR-23-424 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-42789
https://notcve.org/view.php?id=CVE-2023-42789
A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. Una escritura fuera de límites en Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13 permite a un atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP especialmente manipuladas. • https://github.com/jhonnybonny/CVE-2023-42789 https://fortiguard.com/psirt/FG-IR-23-328 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 7EXPL: 1CVE-2024-23112
https://notcve.org/view.php?id=CVE-2024-23112
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation. Una omisión de autorización a través de una vulnerabilidad de clave controlada por el usuario [CWE-639] en FortiOS versión 7.4.0 a 7.4.1, 7.2.0 a 7.2.6, 7.0.1 a 7.0.13, 6.4.7 a 6.4.14, y FortiProxy versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14 SSL-VPN puede permitir que un atacante autenticado obtenga acceso al marcador de otro usuario mediante manipulación de URL. • https://github.com/zgimszhd61/CVE-2024-23112 https://fortiguard.com/psirt/FG-IR-24-013 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-42790
https://notcve.org/view.php?id=CVE-2023-42790
A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. Un desbordamiento de búfer en la región stack de la memoria en Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13 permiten al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP especialmente manipuladas. • https://fortiguard.com/psirt/FG-IR-23-328 • CWE-121: Stack-based Buffer Overflow •