VYPR

Vendor CVEs

Fortinet

All CVEs

1,127 total · sorted by risk
  • CVE-2025-46777May 28, 2025
    risk 0.00cvss epss 0.00

    A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal…

  • CVE-2025-24473May 28, 2025
    risk 0.00cvss epss 0.00

    A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a…

  • CVE-2025-22252May 28, 2025
    risk 0.00cvss epss 0.01

    A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device…

  • CVE-2025-47294May 28, 2025
    risk 0.00cvss epss 0.01

    A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request.

  • CVE-2024-54020May 28, 2025
    risk 0.00cvss epss 0.00

    A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.

  • CVE-2025-47295May 28, 2025
    risk 0.00cvss epss 0.01

    A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of…

  • CVE-2025-25251May 28, 2025
    risk 0.00cvss epss 0.00

    An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.

  • CVE-2025-22859May 13, 2025
    risk 0.00cvss epss 0.01

    A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.

  • CVE-2024-35281May 13, 2025
    risk 0.00cvss epss 0.00

    An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron…

  • CVE-2024-48887Apr 8, 2025
    risk 0.00cvss epss 0.11

    A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request

  • CVE-2024-50565Apr 8, 2025
    risk 0.00cvss epss 0.00

    A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through…

  • CVE-2024-26013Apr 8, 2025
    risk 0.00cvss epss 0.00

    A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2,…

  • CVE-2023-37930Apr 8, 2025
    risk 0.00cvss epss 0.01

    Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in Fortinet allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests.

  • CVE-2024-52962Apr 8, 2025
    risk 0.00cvss epss 0.00

    An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below,…

  • CVE-2024-46671Apr 8, 2025
    risk 0.00cvss epss 0.00

    An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform…

  • CVE-2024-54024Apr 8, 2025
    risk 0.00cvss epss 0.01

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically…

  • CVE-2024-54025Apr 8, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.

  • CVE-2025-25254Apr 8, 2025
    risk 0.00cvss epss 0.01

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem…

  • CVE-2025-22855Apr 8, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

  • CVE-2023-40714Apr 2, 2025
    risk 0.00cvss epss 0.01

    A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements

  • CVE-2023-33302Mar 31, 2025
    risk 0.00cvss epss 0.00

    A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker…

  • CVE-2021-24008Mar 28, 2025
    risk 0.00cvss epss 0.00

    An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below,…

  • CVE-2019-16149Mar 28, 2025
    risk 0.00cvss epss 0.00

    An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.

  • CVE-2021-26091Mar 24, 2025
    risk 0.00cvss epss 0.00

    A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication…

  • CVE-2021-26105Mar 24, 2025
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.

  • CVE-2019-16151Mar 21, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code…

  • CVE-2023-47539Mar 18, 2025
    risk 0.00cvss epss 0.01

    An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.

  • CVE-2024-21760Mar 18, 2025
    risk 0.00cvss epss 0.01

    An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the…

  • CVE-2019-6697Mar 17, 2025
    risk 0.00cvss epss 0.00

    An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a…

  • CVE-2020-9295Mar 17, 2025
    risk 0.00cvss epss 0.00

    FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially…

  • CVE-2020-29010Mar 17, 2025
    risk 0.00cvss epss 0.01

    An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from…

  • CVE-2019-17659Mar 17, 2025
    risk 0.00cvss epss 0.01

    A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a…

  • CVE-2021-22126Mar 17, 2025
    risk 0.00cvss epss 0.00

    A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the…

  • CVE-2021-32584Mar 17, 2025
    risk 0.00cvss epss 0.01

    An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web…

  • CVE-2024-54027Mar 17, 2025
    risk 0.00cvss epss 0.00

    A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin…

  • CVE-2021-26087Mar 17, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the same network as the…

  • CVE-2019-15706Mar 17, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated attacker to perform a stored…

  • CVE-2024-55594Mar 14, 2025
    risk 0.00cvss epss 0.00

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

  • CVE-2023-48785Mar 14, 2025
    risk 0.00cvss epss 0.00

    An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.

  • CVE-2023-33300Mar 14, 2025
    risk 0.00cvss epss 0.13

    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port.

  • CVE-2023-45588Mar 14, 2025
    risk 0.00cvss epss 0.00

    An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the…

  • CVE-2024-40585Mar 14, 2025
    risk 0.00cvss epss 0.00

    An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version…

  • CVE-2022-29059Mar 14, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database…

  • CVE-2024-47573Mar 14, 2025
    risk 0.00cvss epss 0.00

    An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to…

  • CVE-2024-46662Mar 14, 2025
    risk 0.00cvss epss 0.02

    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafted packets

  • CVE-2024-40590Mar 14, 2025
    risk 0.00cvss epss 0.00

    An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated…

  • CVE-2024-26006Mar 14, 2025
    risk 0.00cvss epss 0.01

    An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI…

  • CVE-2024-33501Mar 11, 2025
    risk 0.00cvss epss 0.00

    Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version…

  • CVE-2024-54026Mar 11, 2025
    risk 0.00cvss epss 0.00

    An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all…

  • CVE-2024-32123Mar 11, 2025
    risk 0.00cvss epss 0.00

    Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0…

Page 8 of 23