46 results (0.005 seconds)

CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device. • https://fortiguard.fortinet.com/psirt/FG-IR-21-067 • CWE-416: Use After Free •

CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-098 • CWE-121: Stack-based Buffer Overflow •

CVSS: 5.6EPSS: 0%CPEs: 10EXPL: 0

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests • https://fortiguard.fortinet.com/psirt/FG-IR-24-125 • CWE-122: Heap-based Buffer Overflow •

CVSS: 2.3EPSS: 0%CPEs: 10EXPL: 0

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-179 • CWE-23: Relative Path Traversal •

CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-116 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •