Latest Fortinet Vulnerabilities

FortiOS - Format String in CLI command
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Web server ETag exposure
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Administrator cookie leakage
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 7 more
[FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
Fortinet FortiClientLinux=.
Fortinet FortiClientLinux>=7.0.6<=7.0.10
Fortinet FortiClientLinux>=7.0.3<=7.0.4
Web server ETag exposure
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
[FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
Fortinet FortiClientLinux=.
Fortinet FortiClientLinux>=7.0.6<=7.0.10
Fortinet FortiClientLinux>=7.0.3<=7.0.4
FortiOS - Format String in CLI command
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Administrator cookie leakage
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 7 more
An improper neutralization of formula elements in a CSV file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 ...
Fortinet Forticlient Endpoint Management Server>=6.0.0<=6.0.8
Fortinet Forticlient Endpoint Management Server>=6.2.0<=6.2.9
Fortinet Forticlient Endpoint Management Server>=6.4.0<=6.4.9
Fortinet Forticlient Endpoint Management Server>=7.0.0<=7.0.10
Fortinet Forticlient Endpoint Management Server>=7.2.0<=7.2.2
An improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows an attacker to execute u...
Fortinet FortiManager>=6.2.0<=6.2.12
Fortinet FortiManager>=6.4.0<=6.4.13
Fortinet FortiManager>=7.0.0<=7.0.10
Fortinet FortiManager>=7.2.0<=7.2.3
Fortinet FortiManager=7.4.0
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version...
Fortinet FortiAnalyzer>=6.2.0<7.0.10
Fortinet FortiAnalyzer>=7.2.0<7.2.4
Fortinet FortiAnalyzer>=7.4.0<7.4.2
Fortinet Fortianalyzer Bigdata>=6.4.5<=6.4.7
Fortinet Fortianalyzer Bigdata>=7.0.1<=7.0.6
Fortinet Fortianalyzer Bigdata>=7.2.0<7.2.6
and 5 more
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the re...
Fortinet FortiPortal>=7.0.0<7.0.7
Fortinet FortiPortal=7.2.0
Out-of-bounds Write in captive portal
Fortinet FortiProxy>=2.0.0<=2.0.13
Fortinet FortiProxy>=7.0.0<=7.0.12
Fortinet FortiProxy>=7.2.0<=7.2.6
Fortinet FortiProxy=7.4.0
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.4.0<=6.4.14
and 3 more
Pervasive SQL injection in DAS component
Fortinet FortiClientEMS>=7.2.0<=7.2.2
Fortinet FortiClientEMS>=7.0.1<=7.0.10
Authorization bypass in SSLVPN bookmarks
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.1<=7.0.13
Fortinet FortiOS>=6.4.7<=6.4.14
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 8 more
Out-of-bounds Write in captive portal
Fortinet FortiProxy>=2.0.0<=2.0.13
Fortinet FortiProxy>=7.0.0<=7.0.12
Fortinet FortiProxy>=7.2.0<=7.2.6
Fortinet FortiProxy=7.4.0
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.4.0<=6.4.14
and 4 more
Pervasive SQL injection in DAS component
Fortinet FortiClient Enterprise Management Server>=7.0.1<=7.0.10
Fortinet FortiClient Enterprise Management Server>=7.2.0<=7.2.2
Fortinet FortiClient EMS
Fortinet FortiClientEMS>=7.2.0<=7.2.2
Fortinet FortiClientEMS>=7.0.1<=7.0.10
Improper authentication following read-only user login
Fortinet FortiOS>=7.0.0<7.0.13
Fortinet FortiOS>=7.2.0<7.2.7
Fortinet FortiOS>=7.4.0<7.4.2
Authorization bypass in SSLVPN bookmarks
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.1<=7.0.13
Fortinet FortiOS>=6.4.7<=6.4.14
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 1 more
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 a...
>=6.2.0<=6.2.12
>=6.4.0<=6.4.14
>=7.0.0<=7.0.11
>=7.2.0<=7.2.3
=7.4.0
=7.4.1
and 6 more
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauth...
Fortinet FortiNAC>=9.1.0<=9.1.10
Fortinet FortiNAC>=9.2.0<=9.2.8
Fortinet FortiNAC>=9.4.0<=9.4.2
Fortinet FortiNAC=7.2.0
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform gl...
Fortinet FortiClient Enterprise Management Server<7.0.10
Fortinet FortiClient Enterprise Management Server>=7.2.0<=7.2.2
CVE-2023-44487 - Rapid Reset HTTP/2 vulnerability
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiProxy>=7.4.0<=7.4.1
Fortinet FortiProxy>=7.2.0<=7.2.7
Fortinet FortiProxy>=7.0
Fortilink lack of certificate validation
Fortinet FortiOS SSL VPN
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0
Fortinet FortiOS>=7.0.0<7.0.14
Fortinet FortiOS>=7.2.0<=7.2.6
and 2 more
Fortilink lack of certificate validation
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0
Out-of-bound Write in sslvpnd
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0.0<=6.0.17
and 7 more
Out-of-bound Write in sslvpnd
Fortinet FortiOS
Fortinet FortiProxy>=1.0.0<2.0.14
Fortinet FortiProxy>=7.0.0<7.0.15
Fortinet FortiProxy>=7.2.0<7.2.9
Fortinet FortiProxy>=7.4.0<7.4.3
Fortinet FortiOS>=6.0.0<6.2.16
and 17 more
Format String Bug in fgfmd
Fortinet FortiOS=6.0.x
Fortinet FortiOS
Fortinet FortiSIEM
Fortinet FortiProxy>=7.0.0<=7.0.14
Fortinet FortiProxy>=7.2.0<=7.2.8
Fortinet FortiProxy>=7.4.0<=7.4.2
and 18 more
Format String Bug in fgfmd
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiPAM>=1.2
Fortinet FortiPAM>=1.1
Fortinet FortiPAM>=1.0
and 4 more
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6....
Fortinet FortiSIEM>=6.4.0<=6.4.2
Fortinet FortiSIEM>=6.5.0<=6.5.2
Fortinet FortiSIEM>=6.6.0<=6.6.3
Fortinet FortiSIEM>=6.7.0<=6.7.8
Fortinet FortiSIEM>=7.0.0<=7.0.2
Fortinet FortiSIEM=7.1.0
and 3 more
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6....
Fortinet FortiSIEM>=6.4.0<=6.4.2
Fortinet FortiSIEM>=6.5.0<=6.5.2
Fortinet FortiSIEM>=6.6.0<=6.6.3
Fortinet FortiSIEM>=6.7.0<=6.7.8
Fortinet FortiSIEM>=7.0.0<=7.0.2
Fortinet FortiSIEM=7.1.0
and 3 more
An improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows an attacker to escalate their privileges via specifically crafted HTTP ...
Fortinet FortiPortal>=7.0.0<=7.0.6
Fortinet FortiPortal>=7.2.0<=7.2.1
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below ma...
Fortinet FortiPortal>=5.3.0<=5.3.8
Fortinet FortiPortal>=6.0.0<=6.0.14
Fortinet FortiPortal>=7.0.0<7.0.7
Fortinet FortiPortal>=7.2.0<7.2.2
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted ...
Fortinet FortiPAM>=1.0.0<1.1.0
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEnterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read...
Fortinet FortiVoice>=6.0.0<=6.0.12
Fortinet FortiVoice>=6.4.0<6.4.8
Fortinet FortiVoice=7.0.0
Improper authorization for HA requests
Fortinet FortiProxy=7.4.0
Fortinet FortiProxy=7.4.1
Fortinet FortiOS=7.2.5
Fortinet FortiOS=7.4.0
Fortinet FortiOS=7.4.1
Fortinet FortiOS>=7.4.0<=7.4.1
and 2 more
Improper authorization for HA requests
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS=.
Fortinet FortiProxy>=7.4.0<=7.4.1
** UNSUPPORTED WHEN ASSIGNED ** An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1....
Fortinet FortiWan=5.1.1
Fortinet FortiWan=5.1.2
Fortinet FortiWan=5.2.0
Fortinet FortiWan=5.2.1
** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker t...
Fortinet FortiWan=5.1.1
Fortinet FortiWan=5.1.2
Fortinet FortiWan=5.2.0
Fortinet FortiWan=5.2.1
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated att...
Fortinet FortiPortal>=7.0.0<=7.0.6
Fortinet FortiPortal=7.2.0
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to e...
Fortinet Fortitester=2.3.0
Fortinet Fortitester=2.4.0
Fortinet Fortitester=2.4.1
Fortinet Fortitester=2.5.0
Fortinet Fortitester=2.6.0
Fortinet Fortitester=2.7.0
and 29 more
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS ...
Fortinet FortiADC>=6.0.0<=6.0.4
Fortinet FortiADC>=6.1.0<=6.1.6
Fortinet FortiADC>=6.2.0<=6.2.6
Fortinet FortiADC>=7.0.0<=7.0.5
Fortinet FortiADC=7.1.0
Fortinet FortiADC=7.1.1
and 3 more
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 throug...
Fortinet FortiSandbox>=3.0.0<=3.0.7
Fortinet FortiSandbox>=3.1.0<=3.1.5
Fortinet FortiSandbox>=3.2.0<=3.2.4
Fortinet FortiSandbox>=4.0.0<=4.0.4
Fortinet FortiSandbox>=4.2.0<=4.2.5
Fortinet FortiSandbox=4.4.0
and 2 more
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of t...
Fortinet FortiWeb>=6.2.0<=6.2.8
Fortinet FortiWeb>=6.3.0<=6.3.23
Fortinet FortiWeb>=7.0.0<=7.0.9
Fortinet FortiWeb>=7.2.0<=7.2.5
Fortinet FortiWeb=7.4.0
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 throu...
Fortinet FortiSandbox>=3.1.0<=3.1.5
Fortinet FortiSandbox>=3.2.0<=3.2.4
Fortinet FortiSandbox>=4.0.0<=4.0.4
Fortinet FortiSandbox>=4.2.0<=4.2.5
Fortinet FortiSandbox=4.4.0
Fortinet FortiSandbox=4.4.1
and 1 more
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version ...
Fortinet Fortiai=1.1.0
Fortinet Fortiai=1.5.3
Fortinet FortiMail>=6.0.0<=6.0.12
Fortinet FortiMail>=6.2.0<=6.2.9
Fortinet FortiMail>=6.4.0<=6.4.6
Fortinet FortiMail>=7.0.0<=7.0.3
and 12 more
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands v...
Fortinet FortiWLM>=8.6.0<=8.6.5
Firewall deny policy bypass
Fortinet FortiOS=.
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.2.0<=7.2.3
Fortinet FortiProxy>=7.0.0<=7.0.9
Fortinet FortiProxy>=2.0.0<=2.0.12
Format String Bug in HTTPSd
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.4
Fortinet FortiOS>=7.0.0<=7.0.11
Fortinet FortiOS>=6.4.0<=6.4.12
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 4 more
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more

© 2024 SecAlerts Pty Ltd.