NotCVE - vendor:"Fortinet" product:"FortiNDR" version:" >= 7.2.0 <= 7.2.1"

4 results (0.002 seconds)

CVSS: 5.8EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-33302

https://notcve.org/view.php?id=CVE-2023-33302

31 Mar 2025 — A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-21-023 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-47573

https://notcve.org/view.php?id=CVE-2024-47573

14 Mar 2025 — An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image. • https://fortiguard.fortinet.com/psirt/FG-IR-23-461 • CWE-354: Improper Validation of Integrity Check Value •

CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-48790

https://notcve.org/view.php?id=CVE-2023-48790

11 Mar 2025 — A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-353 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.7EPSS: 0%CPEs: 99EXPL: 0

CVE-2022-23439

https://notcve.org/view.php?id=CVE-2022-23439

22 Jan 2025 — A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.... • https://fortiguard.com/psirt/FG-IR-21-254 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •