
CVE-2023-29180
https://notcve.org/view.php?id=CVE-2023-29180
22 Feb 2024 — A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests. Una desreferencia de puntero nulo en Fortinet FortiOS versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.... • https://fortiguard.com/psirt/FG-IR-23-111 • CWE-476: NULL Pointer Dereference •

CVE-2023-29179
https://notcve.org/view.php?id=CVE-2023-29179
22 Feb 2024 — A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests. Una desreferencia de puntero nulo en Fortinet FortiOS versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, Fortiproxy versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.10 permite atacante a la denegación de servicio a través de solicitudes HTTP especialmente manipuladas... • https://fortiguard.com/psirt/FG-IR-23-125 • CWE-476: NULL Pointer Dereference •

CVE-2023-29181
https://notcve.org/view.php?id=CVE-2023-29181
22 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command. Un uso de cadena de formato controlada externamente en Fortinet FortiOS 7.2.0 a 7... • https://fortiguard.com/psirt/FG-IR-23-119 • CWE-134: Use of Externally-Controlled Format String •

CVE-2024-23113 – Fortinet Multiple Products Format String Vulnerability
https://notcve.org/view.php?id=CVE-2024-23113
15 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. Un uso de cadena de formato controlada externamente en Fortinet Fo... • https://github.com/zgimszhd61/CVE-2024-23113 • CWE-134: Use of Externally-Controlled Format String •

CVE-2023-47537
https://notcve.org/view.php?id=CVE-2023-47537
15 Feb 2024 — An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. Una vulnerabilidad de validación de certificado incorrecta en Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 y 7.4.0 - 7.4.1 permite que un atacante remoto y no autenticado realice un ataque Man-in-the-Middle en... • https://fortiguard.com/psirt/FG-IR-23-301 • CWE-295: Improper Certificate Validation •

CVE-2024-21762 – Fortinet FortiOS Out-of-Bound Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-21762
09 Feb 2024 — A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests Una escritura fuera de los límites en Fortinet FortiOS versiones 7.4.0 ... • https://packetstorm.news/files/id/177602 • CWE-787: Out-of-bounds Write •

CVE-2023-47536
https://notcve.org/view.php?id=CVE-2023-47536
13 Dec 2023 — An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update. Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiOS versión 7.2.0, versión 7.0.13 e inferior, versión 6.4.14 e inferior y Forti... • https://fortiguard.com/psirt/FG-IR-23-432 • CWE-284: Improper Access Control •

CVE-2023-41678
https://notcve.org/view.php?id=CVE-2023-41678
13 Dec 2023 — A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. Un doble gratuito en las versiones Fortinet FortiOS 7.0.0 a 7.0.5, FortiPAM versión 1.0.0 a 1.0.3, 1.1.0 a 1.1.1 permite a un atacante ejecutar código o comandos no autorizados a través de una solicitud específicamente manipulada. • https://fortiguard.com/psirt/FG-IR-23-196 • CWE-415: Double Free •

CVE-2023-36639
https://notcve.org/view.php?id=CVE-2023-36639
13 Dec 2023 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, versiones de... • https://fortiguard.com/psirt/FG-IR-23-138 • CWE-134: Use of Externally-Controlled Format String •

CVE-2023-28002
https://notcve.org/view.php?id=CVE-2023-28002
14 Nov 2023 — An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. Una vulnerabilidad de validación inadecuada del valor de verificación de integridad [CWE-354] en FortiOS 7.2.0 a 7.2.3, ... • https://fortiguard.com/psirt/FG-IR-22-396 • CWE-354: Improper Validation of Integrity Check Value •