CVSS: 3.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26015
https://notcve.org/view.php?id=CVE-2024-26015
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-446 • CWE-1389: Incorrect Parsing of Numbers with Different Radices •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2024-26010
https://notcve.org/view.php?id=CVE-2024-26010
A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets. Un desbordamiento de búfer basado en pila en Fortinet FortiPAM versión 1.2.0, 1.1.0 a 1.1.2, 1.0.0 a 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager versión 7.2.0 a 7.2.3, 7.0.1 a 7.0. 3, FortiOS versión 7.4.0 a 7.4.3, 7.2.0 a 7.2.7, 7.0.0 a 7.0.14, 6.4.0 a 6.4.15, 6.2.0 a 6.2.16, 6.0.0 a 6.0. 18, FortiProxy versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.9, 7.0.0 a 7.0.15, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1. 6, 1.0.0 a 1.0.7 permite a un atacante ejecutar código o comandos no autorizados a través de paquetes especialmente manipulados. • https://fortiguard.fortinet.com/psirt/FG-IR-24-036 • CWE-121: Stack-based Buffer Overflow •
CVSS: 1.8EPSS: 0%CPEs: 8EXPL: 1CVE-2024-21754
https://notcve.org/view.php?id=CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. Un uso de hash de contraseña con vulnerabilidad de esfuerzo computacional insuficiente [CWE-916] que afecta a FortiOS versión 7.4.3 e inferior, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones y FortiProxy versión 7.4.2 e inferior, 7.2 todas las versiones, 7.0 todas versiones, 2.0, todas las versiones pueden permitir que un atacante privilegiado con perfil de superadministrador y acceso CLI pueda descifrar el archivo de copia de seguridad. • https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE https://fortiguard.fortinet.com/psirt/FG-IR-23-423 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-23111
https://notcve.org/view.php?id=CVE-2024-23111
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. Un uso de hash de contraseña con vulnerabilidad de esfuerzo computacional insuficiente [CWE-916] que afecta a FortiOS versión 7.4.3 e inferior, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones y FortiProxy versión 7.4.2 e inferior, 7.2 todas las versiones, 7.0 todas versiones, 2.0, todas las versiones pueden permitir que un atacante privilegiado con perfil de superadministrador y acceso CLI pueda descifrar el archivo de copia de seguridad. An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-471 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2023-45583
https://notcve.org/view.php?id=CVE-2023-45583
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests. Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.5, 7.0.0 a 7.0.11, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1. 6 Versiones de FortiPAM 1.1.0, 1.0.0 a 1.0.3 Versiones de FortiOS 7.4.0, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2. 15 Las versiones 7.2.0 a 7.2.2, 7.0.0 a 7.0.2 de FortiSwitchManager permiten a un atacante ejecutar código o comandos no autorizados a través de comandos cli y solicitudes http especialmente manipulados. • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •