CVSS: 10.0EPSS: 7%CPEs: 42EXPL: 1CVE-2023-25610
https://notcve.org/view.php?id=CVE-2023-25610
24 Mar 2025 — A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifi... • https://github.com/qi4L/CVE-2023-25610 • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 6.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-40721
https://notcve.org/view.php?id=CVE-2023-40721
11 Feb 2025 — A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2.0 through 7.2.2 and before 7.0.2 allows a privileged attacker to execute arbitrary code or commands via specially crafted requests. • https://fortiguard.com/psirt/FG-IR-23-261 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2024-26011
https://notcve.org/view.php?id=CVE-2024-26011
12 Nov 2024 — A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-032 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45862
https://notcve.org/view.php?id=CVE-2022-45862
13 Aug 2024 — An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials. • https://fortiguard.com/psirt/FG-IR-22-445 • CWE-613: Insufficient Session Expiration •
CVSS: 7.6EPSS: 0%CPEs: 18EXPL: 0CVE-2024-26010
https://notcve.org/view.php?id=CVE-2024-26010
11 Jun 2024 — A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 throu... • https://fortiguard.fortinet.com/psirt/FG-IR-24-036 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-45583
https://notcve.org/view.php?id=CVE-2023-45583
14 May 2024 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http req... • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 45%CPEs: 11EXPL: 10CVE-2024-23113 – Fortinet Multiple Products Format String Vulnerability
https://notcve.org/view.php?id=CVE-2024-23113
15 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. Un uso de cadena de formato controlada externamente en Fortinet Fo... • https://github.com/zgimszhd61/CVE-2024-23113 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-36635
https://notcve.org/view.php?id=CVE-2023-36635
07 Sep 2023 — An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. Un control de acceso incorrecto en Fortinet FortiSwitchManager, versiones 7.2.0 a 7.2.2 y versiones 7.0.0 a 7.0.1, puede permitir que un usuario remoto autenticado con permisos de solo lectura modifique la configuración de la interfaz a través de la API. • https://fortiguard.com/psirt/FG-IR-22-174 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-42474
https://notcve.org/view.php?id=CVE-2022-42474
13 Jun 2023 — A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-393 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-41335
https://notcve.org/view.php?id=CVE-2022-41335
16 Feb 2023 — A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, Fo... • https://fortiguard.com/psirt/FG-IR-22-391 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •