Latest Fortinet Vulnerabilities

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 a...
Fortinet FortiAnalyzer>=6.2.0<=6.2.12
Fortinet FortiAnalyzer>=6.4.0<=6.4.14
Fortinet FortiAnalyzer>=7.0.0<=7.0.11
Fortinet FortiAnalyzer>=7.2.0<=7.2.3
Fortinet FortiAnalyzer=7.4.0
Fortinet FortiAnalyzer=7.4.1
and 6 more
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform gl...
Fortinet Forticlient Enterprise Management Server<7.0.10
Fortinet Forticlient Enterprise Management Server>=7.2.0<=7.2.2
FortiOS - Format String Bug in fgfmd
Fortinet FortiOS=6.0.x
Fortinet FortiOS
Fortinet FortiSIEM
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
and 19 more
FortiOS - Fortilink lack of certificate validation
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0
FortiOS - Fortilink lack of certificate validation
Fortinet FortiOS SSL VPN
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0
Fortinet FortiOS>=7.0.0<7.0.14
Fortinet FortiOS>=7.2.0<=7.2.6
and 2 more
FortiOS & FortiProxy - CVE-2023-44487 - Rapid Reset HTTP/2 vulnerability
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiProxy>=7.4.0<=7.4.1
Fortinet FortiProxy>=7.2.0<=7.2.7
Fortinet FortiProxy>=7.0
FortiOS - Format String Bug in fgfmd
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiPAM=.
Fortinet FortiPAM>=1.1.0<=1.1.2
Fortinet FortiPAM>=1.0
and 5 more
FortiOS/FortiProxy - Out-of-bound Write in sslvpnd
Fortinet FortiOS
Fortinet FortiProxy>=1.0.0<2.0.14
Fortinet FortiProxy>=7.0.0<7.0.15
Fortinet FortiProxy>=7.2.0<7.2.9
Fortinet FortiProxy>=7.4.0<7.4.3
Fortinet FortiOS>=6.0.0<6.2.16
and 18 more
FortiOS/FortiProxy - Out-of-bound Write in sslvpnd
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 7 more
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6....
Fortinet FortiSIEM>=6.4.0<=6.4.2
Fortinet FortiSIEM>=6.5.0<=6.5.2
Fortinet FortiSIEM>=6.6.0<=6.6.3
Fortinet FortiSIEM>=6.7.0<=6.7.8
Fortinet FortiSIEM>=7.0.0<=7.0.2
Fortinet FortiSIEM=7.1.0
and 3 more
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6....
Fortinet FortiSIEM>=6.4.0<=6.4.2
Fortinet FortiSIEM>=6.5.0<=6.5.2
Fortinet FortiSIEM>=6.6.0<=6.6.3
Fortinet FortiSIEM>=6.7.0<=6.7.8
Fortinet FortiSIEM>=7.0.0<=7.0.2
Fortinet FortiSIEM=7.1.0
and 3 more
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below ma...
Fortinet FortiPortal>=5.3.0<=5.3.8
Fortinet FortiPortal>=6.0.0<=6.0.14
Fortinet FortiPortal>=7.0.0<7.0.7
Fortinet FortiPortal>=7.2.0<7.2.2
An improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows an attacker to escalate its privilege via specifically crafted HTTP ...
Fortinet FortiPortal>=7.0.0<=7.0.6
Fortinet FortiPortal>=7.2.0<=7.2.1
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted ...
Fortinet FortiPAM>=1.0.0<1.1.0
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEnterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read...
Fortinet FortiVoice>=6.0.0<=6.0.12
Fortinet FortiVoice>=6.4.0<6.4.8
Fortinet FortiVoice=7.0.0
FortiOS & FortiProxy - Improper authorization for HA requests
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS=.
Fortinet FortiProxy>=7.4.0<=7.4.1
FortiOS & FortiProxy - Improper authorization for HA requests
Fortinet FortiProxy=7.4.0
Fortinet FortiProxy=7.4.1
Fortinet FortiOS=7.2.5
Fortinet FortiOS=7.4.0
Fortinet FortiOS=7.4.1
Fortinet FortiOS>=7.4.0<=7.4.1
and 2 more
** UNSUPPORTED WHEN ASSIGNED ** An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1....
Fortinet FortiWan=5.1.1
Fortinet FortiWan=5.1.2
Fortinet FortiWan=5.2.0
Fortinet FortiWan=5.2.1
** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker t...
Fortinet FortiWan=5.1.1
Fortinet FortiWan=5.1.2
Fortinet FortiWan=5.2.0
Fortinet FortiWan=5.2.1
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated att...
Fortinet FortiPortal>=7.0.0<=7.0.6
Fortinet FortiPortal=7.2.0
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to e...
Fortinet Fortitester=2.3.0
Fortinet Fortitester=2.4.0
Fortinet Fortitester=2.4.1
Fortinet Fortitester=2.5.0
Fortinet Fortitester=2.6.0
Fortinet Fortitester=2.7.0
and 29 more
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS ...
Fortinet FortiADC>=6.0.0<=6.0.4
Fortinet FortiADC>=6.1.0<=6.1.6
Fortinet FortiADC>=6.2.0<=6.2.6
Fortinet FortiADC>=7.0.0<=7.0.5
Fortinet FortiADC=7.1.0
Fortinet FortiADC=7.1.1
and 3 more
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 throug...
Fortinet FortiSandbox>=3.0.0<=3.0.7
Fortinet FortiSandbox>=3.1.0<=3.1.5
Fortinet FortiSandbox>=3.2.0<=3.2.4
Fortinet FortiSandbox>=4.0.0<=4.0.4
Fortinet FortiSandbox>=4.2.0<=4.2.5
Fortinet FortiSandbox=4.4.0
and 2 more
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of t...
Fortinet FortiWeb>=6.2.0<=6.2.8
Fortinet FortiWeb>=6.3.0<=6.3.23
Fortinet FortiWeb>=7.0.0<=7.0.9
Fortinet FortiWeb>=7.2.0<=7.2.5
Fortinet FortiWeb=7.4.0
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 throu...
Fortinet FortiSandbox>=3.1.0<=3.1.5
Fortinet FortiSandbox>=3.2.0<=3.2.4
Fortinet FortiSandbox>=4.0.0<=4.0.4
Fortinet FortiSandbox>=4.2.0<=4.2.5
Fortinet FortiSandbox=4.4.0
Fortinet FortiSandbox=4.4.1
and 1 more
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version ...
Fortinet Fortiai=1.1.0
Fortinet Fortiai=1.5.3
Fortinet FortiMail>=6.0.0<=6.0.12
Fortinet FortiMail>=6.2.0<=6.2.9
Fortinet FortiMail>=6.4.0<=6.4.6
Fortinet FortiMail>=7.0.0<=7.0.3
and 12 more
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands v...
Fortinet FortiWLM>=8.6.0<=8.6.5
FortiOS & FortiProxy - Firewall deny policy bypass
Fortinet FortiProxy>=2.0.0<=2.0.12
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy>=7.2.0<=7.2.3
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS=7.2.0
and 6 more
Double free in cache management
Fortinet FortiOS>=7.0.0<=7.0.5
Fortinet FortiPAM>=1.1.0<=1.1.1
Fortinet FortiPAM>=1.0
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 33 more
FortiOS & FortiProxy - Firewall deny policy bypass
Fortinet FortiOS=.
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.2.0<=7.2.3
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy>=2.0.0<=2.0.12
FortiOS & FortiProxy - Format String Bug in HTTPSd
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.4
Fortinet FortiOS>=7.0.0<=7.0.11
Fortinet FortiOS>=6.4.0<=6.4.12
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 4 more
FortiOS & FortiProxy - Format String Bug in HTTPSd
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.4
Fortinet FortiOS>=7.0.0<=7.0.11
Fortinet FortiOS>=6.4.0<=6.4.12
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 14 more
An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request t...
Fortinet FortiClient Windows>=6.0.0<=6.0.10
Fortinet FortiClient Windows>=6.2.0<=6.2.9
Fortinet FortiClient Windows>=6.4.0<=6.4.8
Fortinet FortiClient Windows>=7.0.0<=7.0.7
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allows an unauthorized attacker to carry out privil...
Fortinet FortiADC=7.1.0
Fortinet FortiADC=7.1.1
Fortinet Fortiddos-f>=6.3.0<=6.3.4
Fortinet Fortiddos-f=6.4.0
Fortinet Fortiddos-f=6.4.1
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use o...
Fortinet FortiAnalyzer>=7.0.0<=7.0.10
Fortinet FortiAnalyzer>=7.2.0<=7.2.3
Fortinet FortiAnalyzer=7.4.0
Fortinet FortiManager>=7.0.0<=7.0.10
Fortinet FortiManager>=7.2.0<=7.2.3
Fortinet FortiManager=7.4.0
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows...
Fortinet FortiADC>=7.1.0<=7.1.2
Fortinet FortiADC=5.2.0
Fortinet FortiADC=5.3.0
Fortinet FortiADC=5.4.0
Fortinet FortiADC=6.0.0
Fortinet FortiADC=6.1.0
and 8 more
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders...
Fortinet FortiMail>=6.0.0<7.0.6
Fortinet FortiMail>=7.2.0<7.2.3
An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 throug...
Fortinet FortiWLM>=8.5.0<=8.5.4
Fortinet FortiWLM>=8.6.0<=8.6.5
Fortinet FortiWLM=8.2.2
Fortinet FortiWLM=8.3.0
Fortinet FortiWLM=8.3.1
Fortinet FortiWLM=8.3.2
and 3 more
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.
Fortinet FortiClient Windows>=7.0.0<=7.0.9
Fortinet FortiClient Windows=7.2.0
Fortinet FortiClient Windows=7.2.1
An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service t...
Fortinet Fortiedr>=5.0.3<=5.0.3.1007
Fortinet Fortiedr>=5.2.0<=5.2.0.4549
Fortinet Fortiedr=4.0.0
An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged at...
Fortinet FortiADC>=6.1.0<=6.1.6
Fortinet FortiADC>=6.2.0<=6.2.6
Fortinet FortiADC>=7.0.0<=7.0.5
Fortinet FortiADC=7.1.0
Fortinet FortiADC=7.1.1
Fortinet FortiADC=7.1.2
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and be...
Fortinet FortiSIEM>=5.3.0<=5.3.3
Fortinet FortiSIEM>=6.7.0<=6.7.6
Fortinet FortiSIEM=5.4.0
Fortinet FortiSIEM=6.1.0
Fortinet FortiSIEM=6.1.1
Fortinet FortiSIEM=6.1.2
and 16 more
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent...
Fortinet FortiSIEM>=6.7.0<=6.7.5
Fortinet FortiSIEM=7.0.0
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated...
Fortinet FortiMail>=6.2.0<=6.2.9
Fortinet FortiMail>=6.4.0<=6.4.8
Fortinet FortiMail>=7.0.0<=7.0.6
Fortinet FortiMail>=7.2.0<=7.2.4
Fortinet FortiMail=7.4.0
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2...
Fortinet FortiSIEM>=5.1.0<=5.1.3
Fortinet FortiSIEM=4.7.2
Fortinet FortiSIEM=4.9.0
Fortinet FortiSIEM=4.10.0
Fortinet FortiSIEM=5.0.0
Fortinet FortiSIEM=5.0.1
and 12 more
An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.
Fortinet FortiClient Windows=7.0.9
Fortinet FortiClient Windows=7.2.0
Fortinet FortiClient Windows=7.2.1
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows an attacker to read arbitrary files via...
Fortinet FortiWLM>=8.5.0<=8.5.4
Fortinet FortiWLM>=8.6.0<=8.6.6
Fortinet FortiWLM=8.2.2
Fortinet FortiWLM=8.3.0
Fortinet FortiWLM=8.3.1
Fortinet FortiWLM=8.3.2
and 3 more
FortiOS & FortiProxy - DOS in headers management
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
and 6 more
FortiOS VM - Bypass of root file system integrity checks at boot time on VM
Fortinet FortiOS>=7.2.0<=7.2.3
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
Fortinet FortiProxy>=7.4.0<=7.4.1
and 3 more
