CVSS: 7.6EPSS: 0%CPEs: 16EXPL: 0CVE-2024-50565
https://notcve.org/view.php?id=CVE-2024-50565
08 Apr 2025 — A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyze... • https://fortiguard.fortinet.com/psirt/FG-IR-24-046 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.6EPSS: 0%CPEs: 14EXPL: 0CVE-2024-26013
https://notcve.org/view.php?id=CVE-2024-26013
08 Apr 2025 — A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 throug... • https://fortiguard.fortinet.com/psirt/FG-IR-24-046 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-37930
https://notcve.org/view.php?id=CVE-2023-37930
08 Apr 2025 — Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 through 6.4.14 and Fortinet FortiProxy SSL VPN webmode version 7.2.0 through 7.2.6 and version 7.0.0 through 7.0.12 allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests. • https://fortiguard.com/psirt/FG-IR-23-165 • CWE-908: Use of Uninitialized Resource •
CVSS: 2.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-32122
https://notcve.org/view.php?id=CVE-2024-32122
08 Apr 2025 — A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server. • https://fortiguard.fortinet.com/psirt/FG-IR-24-111 • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 10.0EPSS: 5%CPEs: 42EXPL: 1CVE-2023-25610
https://notcve.org/view.php?id=CVE-2023-25610
24 Mar 2025 — A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifi... • https://github.com/qi4L/CVE-2023-25610 • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26006
https://notcve.org/view.php?id=CVE-2024-26006
14 Mar 2025 — An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server. • https://fortiguard.fortinet.com/psirt/FG-IR-23-485 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 19EXPL: 0CVE-2024-45324
https://notcve.org/view.php?id=CVE-2024-45324
11 Mar 2025 — A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-325 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 0CVE-2025-24472 – Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-24472
11 Feb 2025 — An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-535 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-40721
https://notcve.org/view.php?id=CVE-2023-40721
11 Feb 2025 — A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2.0 through 7.2.2 and before 7.0.2 allows a privileged attacker to execute arbitrary code or commands via specially crafted requests. • https://fortiguard.com/psirt/FG-IR-23-261 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40591
https://notcve.org/view.php?id=CVE-2024-40591
11 Feb 2025 — An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targetted FortiGate to a malicious upstream FortiGate they control. • https://fortiguard.fortinet.com/psirt/FG-IR-24-302 • CWE-266: Incorrect Privilege Assignment •