Latest Fortinet FortiOS Vulnerabilities

Web server ETag exposure
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
FortiOS - Format String in CLI command
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Administrator cookie leakage
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 7 more
FortiOS - Format String in CLI command
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Web server ETag exposure
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Administrator cookie leakage
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 7 more
Authorization bypass in SSLVPN bookmarks
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.1<=7.0.13
Fortinet FortiOS>=6.4.7<=6.4.14
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 8 more
Out-of-bounds Write in captive portal
Fortinet FortiProxy>=2.0.0<=2.0.13
Fortinet FortiProxy>=7.0.0<=7.0.12
Fortinet FortiProxy>=7.2.0<=7.2.6
Fortinet FortiProxy=7.4.0
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.4.0<=6.4.14
and 4 more
Authorization bypass in SSLVPN bookmarks
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.1<=7.0.13
Fortinet FortiOS>=6.4.7<=6.4.14
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 1 more
Out-of-bounds Write in captive portal
Fortinet FortiProxy>=2.0.0<=2.0.13
Fortinet FortiProxy>=7.0.0<=7.0.12
Fortinet FortiProxy>=7.2.0<=7.2.6
Fortinet FortiProxy=7.4.0
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.4.0<=6.4.14
and 3 more
Improper authentication following read-only user login
Fortinet FortiOS>=7.0.0<7.0.13
Fortinet FortiOS>=7.2.0<7.2.7
Fortinet FortiOS>=7.4.0<7.4.2
Out-of-bound Write in sslvpnd
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0.0<=6.0.17
and 7 more
Out-of-bound Write in sslvpnd
Fortinet FortiOS
Fortinet FortiProxy>=1.0.0<2.0.14
Fortinet FortiProxy>=7.0.0<7.0.15
Fortinet FortiProxy>=7.2.0<7.2.9
Fortinet FortiProxy>=7.4.0<7.4.3
Fortinet FortiOS>=6.0.0<6.2.16
and 17 more
Format String Bug in fgfmd
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiPAM>=1.2
Fortinet FortiPAM>=1.1
Fortinet FortiPAM>=1.0
and 4 more
CVE-2023-44487 - Rapid Reset HTTP/2 vulnerability
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiProxy>=7.4.0<=7.4.1
Fortinet FortiProxy>=7.2.0<=7.2.7
Fortinet FortiProxy>=7.0
Format String Bug in fgfmd
Fortinet FortiOS=6.0.x
Fortinet FortiOS
Fortinet FortiSIEM
Fortinet FortiProxy>=7.0.0<=7.0.14
Fortinet FortiProxy>=7.2.0<=7.2.8
Fortinet FortiProxy>=7.4.0<=7.4.2
and 18 more
Fortilink lack of certificate validation
Fortinet FortiOS SSL VPN
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0
Fortinet FortiOS>=7.0.0<7.0.14
Fortinet FortiOS>=7.2.0<=7.2.6
and 2 more
Fortilink lack of certificate validation
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6....
Fortinet FortiSIEM>=6.4.0<=6.4.2
Fortinet FortiSIEM>=6.5.0<=6.5.2
Fortinet FortiSIEM>=6.6.0<=6.6.3
Fortinet FortiSIEM>=6.7.0<=6.7.8
Fortinet FortiSIEM>=7.0.0<=7.0.2
Fortinet FortiSIEM=7.1.0
and 3 more
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6....
Fortinet FortiSIEM>=6.4.0<=6.4.2
Fortinet FortiSIEM>=6.5.0<=6.5.2
Fortinet FortiSIEM>=6.6.0<=6.6.3
Fortinet FortiSIEM>=6.7.0<=6.7.8
Fortinet FortiSIEM>=7.0.0<=7.0.2
Fortinet FortiSIEM=7.1.0
and 3 more
Improper authorization for HA requests
Fortinet FortiProxy=7.4.0
Fortinet FortiProxy=7.4.1
Fortinet FortiOS=7.2.5
Fortinet FortiOS=7.4.0
Fortinet FortiOS=7.4.1
Fortinet FortiOS>=7.4.0<=7.4.1
and 2 more
Improper authorization for HA requests
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS=.
Fortinet FortiProxy>=7.4.0<=7.4.1
Format String Bug in HTTPSd
Fortinet FortiProxy>=7.0.0<=7.0.10
Fortinet FortiProxy>=7.2.0<=7.2.4
Fortinet FortiOS>=6.0.0<=6.0.17
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.4.0<=6.4.12
Fortinet FortiOS>=7.0.0<=7.0.11
and 14 more
Firewall deny policy bypass
Fortinet FortiOS=.
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.2.0<=7.2.3
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy>=2.0.0<=2.0.12
Format String Bug in HTTPSd
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.4
Fortinet FortiOS>=7.0.0<=7.0.11
Fortinet FortiOS>=6.4.0<=6.4.12
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 4 more
Firewall deny policy bypass
Fortinet FortiProxy>=2.0.0<=2.0.12
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy>=7.2.0<=7.2.3
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS=7.2.0
and 6 more
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more
Bypass of root file system integrity checks at boot time on VM
Fortinet FortiProxy>=2.0.0<=2.0.13
Fortinet FortiProxy>=7.0.0<=7.0.13
Fortinet FortiProxy>=7.2.0<=7.2.7
Fortinet FortiOS>=6.0.0<=6.0.17
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.4.0<=6.4.14
and 7 more
DOS in headers management
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
and 6 more
Bypass of root file system integrity checks at boot time on VM
DOS in headers management
Fortinet FortiProxy>=1.0.0<=1.0.7
Fortinet FortiProxy>=1.1.0<=1.1.6
Fortinet FortiProxy>=1.2.0<=1.2.13
Fortinet FortiProxy>=2.0.0<=2.0.13
Fortinet FortiProxy>=7.0.0<=7.0.10
Fortinet FortiProxy>=7.2.0<=7.2.4
and 17 more
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services suc...
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS=7.4.0
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1...
Fortinet FortiSIEM>=6.6.0<=6.6.3
Fortinet FortiSIEM>=6.7.0<=6.7.5
Fortinet FortiSIEM=6.4.0
Fortinet FortiSIEM=6.4.1
Fortinet FortiSIEM=6.4.2
Fortinet FortiSIEM=6.5.0
and 4 more
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.
Fortinet FortiOS>=7.2.0<=7.2.4
Fortinet FortiOS=7.4.0
FortiOS - IPS Engine evasion using custom TCP flags
Fortinet Fortios Ips Engine<=7.312
Fortinet FortiOS>=7.2.0<7.2.4
Fortinet Fortios Ips Engine<=7.165
Fortinet FortiOS>=7.0.0<7.0.12
Fortinet Fortios Ips Engine<=6.158
Fortinet FortiOS>=6.4.0<6.4.13
FortiOS & FortiProxy - Webproxy process denial of service
Fortinet FortiProxy>=7.0.0<=7.0.8
Fortinet FortiProxy=7.2.0
Fortinet FortiProxy=7.2.1
Fortinet FortiProxy=7.2.2
Fortinet FortiOS>=7.0.0<=7.0.10
Fortinet FortiOS>=7.2.0<=7.2.4
FortiOS - Improper authorization via prof-admin profile
Fortinet FortiOS>=7.0.0<=7.0.11
Fortinet FortiOS>=7.2.0<=7.2.4
Fortinet FortiOS>=7.2.0<=7.2.4
Fortinet FortiOS>=7.0.0<=7.0.11
FortiOS - HTML injection in SAML and Security Fabric components
Fortinet FortiOS>=7.2.0<=7.2.4
Fortinet FortiOS>=7.2.0<=7.2.5
- Rapid Reset HTTP/2 vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
Microsoft Windows 11=22H2
and 555 more
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, ...
Fortinet FortiProxy>=7.0.0<7.0.11
Fortinet FortiProxy>=7.2.0<7.2.5
Fortinet FortiOS>=6.2.0<6.2.15
Fortinet FortiOS>=6.4.0<6.4.13
Fortinet FortiOS>=7.0.0<7.0.12
Fortinet FortiOS>=7.2.0<7.2.5
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x...
Fortinet FortiAnalyzer>=6.0.0<=6.0.12
Fortinet FortiAnalyzer>=6.2.9<=6.4.7
Fortinet FortiAnalyzer=7.0.0
Fortinet FortiAnalyzer=7.0.1
Fortinet FortiAnalyzer=7.0.2
Fortinet FortiManager>=6.0.0<=6.0.12
and 14 more
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker ...
Fortinet FortiOS>=6.2.0<7.0.4
A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remo...
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy=7.2.0
Fortinet FortiProxy=7.2.1
Fortinet FortiProxy=7.2.2
Fortinet FortiOS>=7.0.0<=7.0.10
Fortinet FortiOS>=7.2.0<=7.2.3
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the RES...
Fortinet FortiOS>=7.2.0<=7.2.4
Fortinet FortiOS>=7.0.0<=7.0.12
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 a...
Fortinet FortiAuthenticator>=6.0.0<=6.0.4
Fortinet FortiAuthenticator=5.5.0
Fortinet FortiAuthenticator=6.1.0
Fortinet FortiOS>=6.0.0<=6.0.13
Fortinet FortiOS>=6.2.0<=6.2.9
Fortinet FortiOS=6.4.0
and 1 more
A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically cr...
Fortinet FortiProxy>=7.0.0<7.0.10
Fortinet FortiProxy>=7.2.0<7.2.4
Fortinet FortiOS>=6.4.0<6.4.13
Fortinet FortiOS>=7.0.0<7.0.11
Fortinet FortiOS>=7.2.0<7.2.5
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in ...
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy>=7.2.0<=7.2.3
Fortinet FortiOS>=7.0.0<7.0.11
Fortinet FortiOS>=7.2.0<7.2.5
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, For...
Fortinet FortiProxy>=1.0.0<=1.0.7
Fortinet FortiProxy>=1.1.0<=1.1.6
Fortinet FortiProxy>=1.2.0<=1.2.13
Fortinet FortiProxy>=2.0.0<=2.0.12
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy>=7.2.0<=7.2.3
and 14 more
An access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authe...
Fortinet FortiProxy>=1.1.0<=1.1.6
Fortinet FortiProxy>=1.2.0<=1.2.13
Fortinet FortiProxy>=2.0.0<=2.0.12
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy=7.2.0
Fortinet FortiProxy=7.2.1
and 7 more
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7...
Fortinet FortiProxy>=1.2.0<=1.2.13
Fortinet FortiProxy>=2.0.0<=2.0.12
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy>=7.2.0<=7.2.3
Fortinet FortiOS>=6.0.0<=6.0.17
Fortinet FortiOS>=6.2.0<=6.2.15
and 3 more

© 2024 SecAlerts Pty Ltd.