Latest Fortinet Vulnerabilities

Privilege escalation from low privilege administrator
Fortinet FortiExtender>=7.4.0<=7.4.2
Fortinet FortiExtender>=7.2.0<=7.2.4
Fortinet FortiExtender>=7.0.0<=7.0.4
Cross site scripting vulnerability in SSL VPN web UI
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.3
Fortinet FortiProxy>=7.2.0<=7.2.9
and 1 more
Privilege escalation from low privilege administrator
Fortinet FortiExtender>=7.4.0<=7.4.2
Fortinet FortiExtender>=7.2.0<=7.2.4
Fortinet FortiExtender>=7.0.0<=7.0.4
FortiOS - IP address validation mishandles zero characters
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2
Fortinet FortiOS>=7.0
Fortinet FortiProxy>=7.4.0<=7.4.3
Fortinet FortiProxy>=7.2
Fortinet FortiProxy>=7.0
Cross site scripting vulnerability in SSL VPN web UI
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.3
Fortinet FortiProxy>=7.2.0<=7.2.9
and 1 more
FortiOS - IP address validation mishandles zero characters
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2
Fortinet FortiOS>=7.0
Fortinet FortiProxy>=7.4.0<=7.4.3
Fortinet FortiProxy>=7.2
Fortinet FortiProxy>=7.0
Weak key derivation for backup file
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2
and 2 more
Buffer overflow in fgfmd
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.14
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
and 12 more
FortiOS/FortiProxy - XSS in reboot page
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 2 more
Multiple buffer overflows in diag npu command
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
Buffer overflow in fgfmd
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.14
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
and 12 more
FortiOS/FortiProxy - XSS in reboot page
Fortinet FortiOS>=7.4.0<=7.4.3
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 2 more
Stack buffer overflow on bluetooth write feature
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
Multiple buffer overflows in diag npu command
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
Stack buffer overflow on bluetooth write feature
Fortinet FortiOS>=7.4.0<=7.4.2
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTT...
Fortinet FortiWebManager>=6.2.3<6.2.5
Fortinet FortiWebManager>=7.0.0<7.0.5
Fortinet FortiWebManager=6.0.2
Fortinet FortiWebManager=6.3.0
Fortinet FortiWebManager=7.2.0
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection throug...
Fortinet FortiPortal>=7.0.0<=7.0.6
Fortinet FortiPortal=7.2.0
Fortinet FortiPortal=7.2.1
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0...
Fortinet FortiADC<=6.2.6
Fortinet FortiADC>=7.0.0<=7.0.5
Fortinet FortiADC>=7.1.0<=7.1.4
Fortinet FortiADC>=7.2.0<=7.2.3
Fortinet FortiADC=7.4.0
Fortinet FortiADC=7.4.1
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP config...
Fortinet FortiVoice>=6.0.0<=6.0.12
Fortinet FortiVoice>=6.4.0<=6.4.8
Fortinet FortiVoice=7.0.0
Fortinet FortiVoice=7.0.1
Buffer overflow in administrative interface
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.1<=7.2.7
Double free with double usage of json_object_put
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Node.js crash over administrative interface
Fortinet FortiOS=.
Format String Bug in cli command
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0.0<=6.0.16
and 22 more
Buffer overflow in administrative interface
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.1<=7.2.7
Fortinet FortiOS>=7.2.1<=7.2.6
Fortinet FortiOS=7.4.0
Fortinet FortiOS=7.4.1
Readonly user could execute sensitive operations
Fortinet FortiSandbox>=4.4.0<=4.4.4
Fortinet FortiSandbox>=4.2.0<=4.2.6
Format String Bug in cli command
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0.0<=6.0.16
and 10 more
SSL-VPN user IP spoofing
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiProxy>=7.4.0<=7.4.1
and 14 more
Double free with double usage of json_object_put
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.2.0<=6.2.16
Fortinet FortiOS>=6.4.0<=6.4.15
Format String Bug in cli command
Fortinet FortiOS=.
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiOS>=6.0.0<=6.0.16
and 22 more
Readonly user could execute sensitive operations
Fortinet FortiSandbox>=4.4.0<=4.4.4
Fortinet FortiSandbox>=4.2.0<=4.2.6
SSL-VPN user IP spoofing
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4
Fortinet FortiOS>=6.2
Fortinet FortiProxy>=7.4.0<=7.4.1
and 3 more
Node.js crash over administrative interface
Fortinet FortiOS=.
FortiOS - Format String in CLI command
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
Administrator cookie leakage
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 7 more
Web server ETag exposure
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
[FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
Fortinet FortiClientLinux=.
Fortinet FortiClientLinux>=7.0.6<=7.0.10
Fortinet FortiClientLinux>=7.0.3<=7.0.4
Administrator cookie leakage
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.0<=7.0.12
Fortinet FortiOS>=6.4.0<=6.4.14
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.0
and 7 more
Web server ETag exposure
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.5
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
FortiOS - Format String in CLI command
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0
Fortinet FortiOS>=6.4
An improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 ...
Fortinet Forticlient Endpoint Management Server>=6.0.0<=6.0.8
Fortinet Forticlient Endpoint Management Server>=6.2.0<=6.2.9
Fortinet Forticlient Endpoint Management Server>=6.4.0<=6.4.9
Fortinet Forticlient Endpoint Management Server>=7.0.0<=7.0.10
Fortinet Forticlient Endpoint Management Server>=7.2.0<=7.2.2
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the re...
Fortinet FortiPortal>=7.0.0<7.0.7
Fortinet FortiPortal=7.2.0
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version...
Fortinet FortiAnalyzer>=6.2.0<7.0.10
Fortinet FortiAnalyzer>=7.2.0<7.2.4
Fortinet FortiAnalyzer>=7.4.0<7.4.2
Fortinet Fortianalyzer Bigdata>=6.4.5<=6.4.7
Fortinet Fortianalyzer Bigdata>=7.0.1<=7.0.6
Fortinet Fortianalyzer Bigdata>=7.2.0<7.2.6
and 5 more
An improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute u...
Fortinet FortiManager>=6.2.0<=6.2.12
Fortinet FortiManager>=6.4.0<=6.4.13
Fortinet FortiManager>=7.0.0<=7.0.10
Fortinet FortiManager>=7.2.0<=7.2.3
Fortinet FortiManager=7.4.0
Authorization bypass in SSLVPN bookmarks
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.1<=7.0.13
Fortinet FortiOS>=6.4.7<=6.4.14
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 1 more
Pervasive SQL injection in DAS component
Fortinet FortiClientEMS>=7.2.0<=7.2.2
Fortinet FortiClientEMS>=7.0.1<=7.0.10
Pervasive SQL injection in DAS component
Fortinet FortiClient Enterprise Management Server>=7.0.1<=7.0.10
Fortinet FortiClient Enterprise Management Server>=7.2.0<=7.2.2
Fortinet FortiClient EMS
Fortinet FortiClientEMS>=7.2.0<=7.2.2
Fortinet FortiClientEMS>=7.0.1<=7.0.10
Authorization bypass in SSLVPN bookmarks
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.6
Fortinet FortiOS>=7.0.1<=7.0.13
Fortinet FortiOS>=6.4.7<=6.4.14
Fortinet FortiProxy>=7.4.0<=7.4.2
Fortinet FortiProxy>=7.2.0<=7.2.8
and 8 more
Out-of-bounds Write in captive portal
Fortinet FortiProxy>=2.0.0<=2.0.13
Fortinet FortiProxy>=7.0.0<=7.0.12
Fortinet FortiProxy>=7.2.0<=7.2.6
Fortinet FortiProxy=7.4.0
Fortinet FortiOS>=6.2.0<=6.2.15
Fortinet FortiOS>=6.4.0<=6.4.14
and 4 more
