Page 4 of 47 results (0.007 seconds)

CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 7

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. Un uso de cadena de formato controlada externamente en Fortinet FortiOS versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, FortiProxy versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14, versiones de FortiPAM 1.2.0, 1.1.0 a 1.1.2, 1.0.0 a 1.0.3, versiones de FortiSwitchManager 7.2.0 a 7.2.3, 7.0.0 a 7.0. 3 permite al atacante ejecutar código o comandos no autorizados a través de paquetes especialmente manipulados. Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. • https://github.com/zgimszhd61/CVE-2024-23113 https://github.com/HazeLook/CVE-2024-23113 https://github.com/maybelookis/CVE-2024-23113 https://github.com/groshi/CVE-2024-23113-Private-POC https://github.com/CheckCve2/CVE-2024-23113 https://github.com/p33d/CVE-2024-23113 https://github.com/puckiestyle/CVE-2024-23113 https://fortiguard.com/psirt/FG-IR-24-029 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 4

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests Una escritura fuera de los límites en Fortinet FortiOS versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15 , 6.0.0 a 6.0.17, y versiones de FortiProxy 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13 , 1.1.0 a 1.1.6, 1.0.0 a 1.0.7. Permite al atacante ejecutar código o comandos no autorizados a través de solicitudes específicamente manipuladas Fortinet FortiOS suffers from an out of bounds write vulnerability. Affected includes Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7. Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests. • https://github.com/h4x0r-dz/CVE-2024-21762 https://github.com/r4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check https://github.com/d0rb/CVE-2024-21762 https://github.com/cleverg0d/CVE-2024-21762-Checker https://fortiguard.com/psirt/FG-IR-24-015 • CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update. Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiOS versión 7.2.0, versión 7.0.13 e inferior, versión 6.4.14 e inferior y FortiProxy versión 7.2.3 e inferior, versión 7.0.9 e inferior, versión 2.0.12 y a continuación pueden permitir que un atacante remoto no autenticado evite la política de geolocalización de denegación del firewall sincronizando la omisión con una actualización de la base de datos GeoIP. • https://fortiguard.com/psirt/FG-IR-23-432 • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, versiones de FortiOS 7.4.0, 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.15, 6.0.0 a 6.0.17, las versiones de FortiPAM 1.0.0 a 1.0.3 permiten al atacante ejecutar código o comandos no autorizados a través de solicitudes API especialmente manipuladas. • https://fortiguard.com/psirt/FG-IR-23-138 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. Una vulnerabilidad de validación inadecuada del valor de verificación de integridad [CWE-354] en FortiOS 7.2.0 a 7.2.3, 7.0.0 a 7.0.12, 6.4 todas las versiones, 6.2 todas las versiones, 6.0 todas las versiones y FortiProxy 7.2 todas las versiones, 7.0 todas versiones, 2.0 todas las versiones. Las máquinas virtuales pueden permitir que un atacante local con privilegios de administrador inicie una imagen maliciosa en el dispositivo y omita la verificación de integridad del sistema de archivos vigente. An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. • https://fortiguard.com/psirt/FG-IR-22-396 • CWE-354: Improper Validation of Integrity Check Value •