CVE-2022-41333 – FortiRecorder 6.4.3 - Denial of Service
https://notcve.org/view.php?id=CVE-2022-41333
An uncontrolled resource consumption vulnerability [CWE-400] in the login authentication mechanism of FortiRecorder version 6.4.3 and below and 6.0.11 and below may allow an unauthenticated attacker to make the device unavailable via crafted GET requests. FortiRecorder version 6.4.3 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/51326 https://github.com/polar0x/CVE-2022-41333 http://packetstormsecurity.com/files/171766/FortiRecorder-6.4.3-Denial-Of-Service.html https://fortiguard.com/psirt/FG-IR-22-388 • CWE-400: Uncontrolled Resource Consumption
CVE-2022-39953
https://notcve.org/view.php?id=CVE-2022-39953
An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands. • https://fortiguard.com/psirt/FG-IR-22-309 • CWE-269: Improper Privilege Management
CVE-2022-39951
https://notcve.org/view.php?id=CVE-2022-39951
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-254 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-25611
https://notcve.org/view.php?id=CVE-2023-25611
An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands by inserting spreadsheet formulas in macro names. • https://fortiguard.com/psirt/FG-IR-22-488 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2023-25605
https://notcve.org/view.php?id=CVE-2023-25605
An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-23-050 • CWE-284: Improper Access Control