CVSS: 10.0EPSS: 45%CPEs: 11EXPL: 10CVE-2024-23113 – Fortinet Multiple Products Format String Vulnerability
https://notcve.org/view.php?id=CVE-2024-23113
15 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. Un uso de cadena de formato controlada externamente en Fortinet Fo... • https://github.com/zgimszhd61/CVE-2024-23113 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-47537
https://notcve.org/view.php?id=CVE-2023-47537
15 Feb 2024 — An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. Una vulnerabilidad de validación de certificado incorrecta en Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 y 7.4.0 - 7.4.1 permite que un atacante remoto y no autenticado realice un ataque Man-in-the-Middle en... • https://fortiguard.com/psirt/FG-IR-23-301 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 91%CPEs: 9EXPL: 8CVE-2024-21762 – Fortinet FortiOS Out-of-Bound Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-21762
09 Feb 2024 — A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests Una escritura fuera de los límites en Fortinet FortiOS versiones 7.4.0 ... • https://packetstorm.news/files/id/177602 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-44250
https://notcve.org/view.php?id=CVE-2023-44250
10 Jan 2024 — An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. Una vulnerabilidad de administración de privilegios inadecuada [CWE-269] en un clúster Fortinet FortiOS HA versión 7.4.0 a 7.4.1 y 7.2.5 y en un clúster FortiProxy HA versión 7.4.0 a 7.4.1 permite que un atacante autenticado rea... • https://fortiguard.com/psirt/FG-IR-23-315 • CWE-269: Improper Privilege Management •