Latest Fortinet Vulnerabilities

CVE-2024-26015
FortiOS - IP address validation mishandles zero characters
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2
Fortinet FortiOS>=7.0
Fortinet FortiProxy>=7.4.0<=7.4.3
Fortinet FortiProxy>=7.2
Fortinet FortiProxy>=7.0
FG-IR-23-485
Cross site scripting vulnerability in SSL VPN web UI
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.3
Fortinet FortiProxy>=7.2.0<=7.2.9
and 1 more
CVE-2024-26006
Cross site scripting vulnerability in SSL VPN web UI
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.3
Fortinet FortiProxy>=7.2.0<=7.2.9
and 1 more
CVE-2024-23663
Privilege escalation from low privilege administrator
Fortinet FortiExtender>=7.4.0<=7.4.2
Fortinet FortiExtender>=7.2.0<=7.2.4
Fortinet FortiExtender>=7.0.0<=7.0.4
FG-IR-23-446
FortiOS - IP address validation mishandles zero characters
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2
Fortinet FortiOS>=7.0
Fortinet FortiProxy>=7.4.0<=7.4.3
Fortinet FortiProxy>=7.2
Fortinet FortiProxy>=7.0
FG-IR-23-459
Privilege escalation from low privilege administrator
Fortinet FortiExtender>=7.4.0<=7.4.2
Fortinet FortiExtender>=7.2.0<=7.2.4
Fortinet FortiExtender>=7.0.0<=7.0.4
CVE-2024-23110
Multiple buffer overflows in diag npu command
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
FG-IR-23-356
Stack buffer overflow on bluetooth write feature
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
FG-IR-23-460
Multiple buffer overflows in diag npu command
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
CVE-2024-26010
Buffer overflow in fgfmd
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.14
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
and 12 more
CVE-2024-23111
FortiOS/FortiProxy - XSS in reboot page
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 2 more
FG-IR-23-471
FortiOS/FortiProxy - XSS in reboot page
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 2 more
CVE-2023-46720
Stack buffer overflow on bluetooth write feature
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
FG-IR-23-423
Weak key derivation for backup file
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2
and 2 more
CVE-2024-21754
Weak key derivation for backup file
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2
and 2 more
FG-IR-24-036
Buffer overflow in fgfmd
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.14
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
and 12 more
CVE-2024-23669
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTT...
Fortinet FortiWebManager>=6.2.3<6.2.5
Fortinet FortiWebManager>=7.0.0<7.0.5
Fortinet FortiWebManager=6.0.2
Fortinet FortiWebManager=6.3.0
Fortinet FortiWebManager=7.2.0
CVE-2024-23105
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection throug...
Fortinet FortiPortal>=7.0.0<=7.0.6
Fortinet FortiPortal=7.2.0
Fortinet FortiPortal=7.2.1
CVE-2023-50180
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0...
Fortinet FortiADC<=6.2.6
Fortinet FortiADC>=7.0.0<=7.0.5
Fortinet FortiADC>=7.1.0<=7.1.4
Fortinet FortiADC>=7.2.0<=7.2.3
Fortinet FortiADC=7.4.0
Fortinet FortiADC=7.4.1
CVE-2023-40720
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP config...
Fortinet FortiVoice>=6.0.0<=6.0.12
Fortinet FortiVoice>=6.4.0<=6.4.8
Fortinet FortiVoice=7.0.0
Fortinet FortiVoice=7.0.1
FG-IR-23-225
SSL-VPN user IP spoofing
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiProxy>=7.4.0<=7.4.1
and 3 more
FG-IR-24-017
Node.js crash over administrative interface
Fortinet FortiOS=.
CVE-2023-45586
SSL-VPN user IP spoofing
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiProxy>=7.4.0<=7.4.1
and 14 more
CVE-2023-45583
Format String Bug in cli command
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0.0<=6.0.16
and 22 more
FG-IR-23-137
Format String Bug in cli command
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0.0<=6.0.16
and 10 more
CVE-2023-44247
Double free with double usage of json_object_put
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.2.0<=6.2.16
Fortinet FortiOS>=6.4.0<=6.4.15
CVE-2023-36640
Format String Bug in cli command
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0.0<=6.0.16
and 22 more
CVE-2023-46714
Buffer overflow in administrative interface
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.1<=7.2.7
Fortinet FortiOS>=7.2.1<=7.2.6
Fortinet FortiOS=7.4.0
Fortinet FortiOS=7.4.1
FG-IR-24-054
Readonly user could execute sensitive operations
Fortinet FortiSandbox>=4.4.0<=4.4.4
Fortinet FortiSandbox>=4.2.0<=4.2.6
CVE-2024-31491
Readonly user could execute sensitive operations
Fortinet FortiSandbox>=4.4.0<=4.4.4
Fortinet FortiSandbox>=4.2.0<=4.2.6
FG-IR-23-415
Buffer overflow in administrative interface
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.1<=7.2.7
CVE-2024-26007
Node.js crash over administrative interface
Fortinet FortiOS=.
FG-IR-23-195
Double free with double usage of json_object_put
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
CVE-2023-48784
FortiOS - Format String in CLI command
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
FG-IR-23-087
[FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
Fortinet FortiClientLinux=.
Fortinet FortiClientLinux>=7.0.6<=7.0.10
Fortinet FortiClientLinux>=7.0.3<=7.0.4
FG-IR-23-224
Web server ETag exposure
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
CVE-2023-45590
[FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
Fortinet FortiClientLinux=.
Fortinet FortiClientLinux>=7.0.6<=7.0.10
Fortinet FortiClientLinux>=7.0.3<=7.0.4
FG-IR-23-493
Administrator cookie leakage
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 7 more
CVE-2024-23662
Web server ETag exposure
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
FG-IR-23-413
FortiOS - Format String in CLI command
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
CVE-2023-41677
Administrator cookie leakage
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 7 more
CVE-2023-47534
A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 ...
Fortinet Forticlient Endpoint Management Server>=6.0.0<=6.0.8
Fortinet Forticlient Endpoint Management Server>=6.2.0<=6.2.9
Fortinet Forticlient Endpoint Management Server>=6.4.0<=6.4.9
Fortinet Forticlient Endpoint Management Server>=7.0.0<=7.0.10
Fortinet Forticlient Endpoint Management Server>=7.2.0<=7.2.2
CVE-2023-36554
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute u...
Fortinet FortiManager>=6.2.0<=6.2.12
Fortinet FortiManager>=6.4.0<=6.4.13
Fortinet FortiManager>=7.0.0<=7.0.10
Fortinet FortiManager>=7.2.0<=7.2.3
Fortinet FortiManager=7.4.0
CVE-2024-21761
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the re...
Fortinet FortiPortal>=7.0.0<7.0.7
Fortinet FortiPortal=7.2.0
CVE-2023-41842
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version...
Fortinet FortiAnalyzer>=6.2.0<7.0.10
Fortinet FortiAnalyzer>=7.2.0<7.2.4
Fortinet FortiAnalyzer>=7.4.0<7.4.2
Fortinet Fortianalyzer Bigdata>=6.4.5<=6.4.7
Fortinet Fortianalyzer Bigdata>=7.0.1<=7.0.6
Fortinet Fortianalyzer Bigdata>=7.2.0<7.2.6
and 5 more
CVE-2023-42790
Out-of-bounds Write in captive portal
Fortinet FortiProxy>=2.0.0<=2.0.13
Fortinet FortiProxy>=7.0.0<=7.0.12
Fortinet FortiProxy>=7.2.0<=7.2.6
Fortinet FortiProxy=7.4.0
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.4.0<=6.4.14
and 3 more
CVE-2023-46717
Improper authentication following read-only user login
Fortinet FortiOS>=7.0.0<7.0.13
Fortinet FortiOS>=7.2.0<7.2.7
Fortinet FortiOS>=7.4.0<7.4.2
FG-IR-24-007
Pervasive SQL injection in DAS component
Fortinet FortiClientEMS>=7.2.0<=7.2.2
Fortinet FortiClientEMS>=7.0.1<=7.0.10
CVE-2023-48788
Pervasive SQL injection in DAS component
Fortinet FortiClient Enterprise Management Server>=7.0.1<=7.0.10
Fortinet FortiClient Enterprise Management Server>=7.2.0<=7.2.2
Fortinet FortiClient EMS
Fortinet FortiClientEMS>=7.2.0<=7.2.2
Fortinet FortiClientEMS>=7.0.1<=7.0.10
CVE-2023-42789
Out-of-bounds Write in captive portal
Fortinet FortiProxy>=2.0.0<=2.0.13
Fortinet FortiProxy>=7.0.0<=7.0.12
Fortinet FortiProxy>=7.2.0<=7.2.6
Fortinet FortiProxy=7.4.0
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.4.0<=6.4.14
and 4 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203