CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-48887
https://notcve.org/view.php?id=CVE-2024-48887
08 Apr 2025 — A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request • https://fortiguard.fortinet.com/psirt/FG-IR-24-435 • CWE-620: Unverified Password Change •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-37936
https://notcve.org/view.php?id=CVE-2023-37936
14 Jan 2025 — A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests. • https://fortiguard.com/psirt/FG-IR-23-260 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-37937
https://notcve.org/view.php?id=CVE-2023-37937
14 Jan 2025 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI. • https://fortiguard.com/psirt/FG-IR-23-258 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •