CVSS: 8.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-40584
https://notcve.org/view.php?id=CVE-2024-40584
11 Feb 2025 — An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiAnalyzer BigData version 7.4.0, 7.2.0 through 7.2.7, 7.0.1 through 7.0.6, 6.4.5 through 6.4.7 a... • https://fortiguard.fortinet.com/psirt/FG-IR-24-220 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36508
https://notcve.org/view.php?id=CVE-2024-36508
11 Feb 2025 — An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose privileges to delete files on the system. • https://fortiguard.fortinet.com/psirt/FG-IR-24-147 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-33504
https://notcve.org/view.php?id=CVE-2024-33504
11 Feb 2025 — A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled. • https://fortiguard.fortinet.com/psirt/FG-IR-24-094 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 4.7EPSS: 0%CPEs: 99EXPL: 0CVE-2022-23439
https://notcve.org/view.php?id=CVE-2022-23439
22 Jan 2025 — A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.... • https://fortiguard.com/psirt/FG-IR-21-254 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45331
https://notcve.org/view.php?id=CVE-2024-45331
16 Jan 2025 — A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands • https://fortiguard.fortinet.com/psirt/FG-IR-24-127 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-32115
https://notcve.org/view.php?id=CVE-2024-32115
14 Jan 2025 — A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-097 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47571
https://notcve.org/view.php?id=CVE-2024-47571
14 Jan 2025 — An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials. • https://fortiguard.fortinet.com/psirt/FG-IR-24-239 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35277
https://notcve.org/view.php?id=CVE-2024-35277
14 Jan 2025 — A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets • https://fortiguard.fortinet.com/psirt/FG-IR-24-135 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2024-33502
https://notcve.org/view.php?id=CVE-2024-33502
14 Jan 2025 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-33503
https://notcve.org/view.php?id=CVE-2024-33503
14 Jan 2025 — A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands • https://fortiguard.fortinet.com/psirt/FG-IR-24-127 • CWE-266: Incorrect Privilege Assignment •