cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-40584,https://securityvulnerability.io/vulnerability/CVE-2024-40584,OS Command Injection Vulnerability in Fortinet FortiAnalyzer and FortiManager Products,"An OS command injection vulnerability allows an authenticated privileged attacker to execute unauthorized commands or code through specially crafted HTTP or HTTPS requests in multiple versions of Fortinet's FortiAnalyzer and FortiManager products. This flaw could lead to unauthorized access and execution of arbitrary commands, potentially compromising system integrity and data security.",Fortinet,"Fortianalyzer,Fortimanager",6.8,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:07.423Z,0
CVE-2024-36508,https://securityvulnerability.io/vulnerability/CVE-2024-36508,Path Traversal Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An improper limitation of a pathname vulnerability exists in Fortinet FortiManager and FortiAnalyzer, allowing an authenticated administrator with diagnose privileges to exploit this flaw. This vulnerability enables the deletion of files from the system, which can lead to significant security concerns. System administrators should ensure their installations are updated to the latest versions to mitigate these risks.",Fortinet,"Fortimanager,Fortianalyzer",5.9,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:07.321Z,0
CVE-2024-52966,https://securityvulnerability.io/vulnerability/CVE-2024-52966,Information Disclosure Vulnerability in Fortinet FortiAnalyzer,"An information disclosure vulnerability exists in Fortinet FortiAnalyzer versions 6.4.0 through 7.6.0. An attacker could exploit this flaw through filter manipulation, potentially exposing sensitive information to unauthorized parties. This highlights the importance of ensuring proper filtering mechanisms to safeguard against unauthorized data access.",Fortinet,Fortianalyzer,2.2,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:01.588Z,0
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2024-50563,https://securityvulnerability.io/vulnerability/CVE-2024-50563,Weak Authentication Vulnerability in Fortinet FortiManager and FortiAnalyzer Cloud,"A vulnerability exists in Fortinet's FortiManager and FortiAnalyzer Cloud due to weak authentication mechanisms. This flaw allows attackers to execute unauthorized commands or code by exploiting brute-force techniques to gain access to the affected products. Administrators are urged to implement more robust authentication measures to mitigate risks associated with unauthorized access.",Fortinet,"Fortianalyzer,Fortimanager",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-16T09:16:52.864Z,0
CVE-2024-45331,https://securityvulnerability.io/vulnerability/CVE-2024-45331,Incorrect Privilege Assignment in Fortinet FortiAnalyzer and FortiManager,"Fortinet FortiAnalyzer and FortiManager products are affected by a vulnerability that allows an attacker to escalate privileges through specific shell commands. This could potentially enable unauthorized users to gain higher-level access within the system, compromising sensitive data and system integrity. This issue exists across multiple versions of both FortiAnalyzer and FortiManager, highlighting the importance for users to apply updates and patches promptly.",Fortinet,"Fortianalyzer,Fortimanager",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T08:59:23.201Z,0
CVE-2024-33502,https://securityvulnerability.io/vulnerability/CVE-2024-33502,Path Traversal Vulnerability in Fortinet FortiManager and FortiAnalyzer,"A flaw has been identified in Fortinet’s FortiManager and FortiAnalyzer products, allowing an improper limitation of a pathname to a restricted directory. This vulnerability enables attackers to potentially execute unauthorized code or commands by crafting malicious HTTP or HTTPS requests, exposing systems to significant risk. It affects multiple versions of both FortiManager and FortiAnalyzer across different series, making it critical for organizations to assess their systems and apply necessary mitigations.",Fortinet,"Fortimanager,Fortianalyzer",7.2,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2021-32589,https://securityvulnerability.io/vulnerability/CVE-2021-32589,Use After Free Vulnerability in Fortinet FortiManager and FortiAnalyzer,"CVE-2021-32589 is a high-severity vulnerability discovered in Fortinet's FortiManager and FortiAnalyzer products. This vulnerability arises from a use after free scenario, which could allow an attacker to execute unauthorized code or commands on the affected systems. Exploiting this flaw could lead to significant security breaches, making it critical for users to apply recommended patches and updates immediately to protect their infrastructure. For more details, refer to the official Fortinet security advisory.",Fortinet,"Fortimanager,Fortianalyzer",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-12-19T12:22:32.543Z,0
CVE-2024-35274,https://securityvulnerability.io/vulnerability/CVE-2024-35274,Path Traversal Vulnerability in Fortinet FortiAnalyzer and FortiManager,"A vulnerability exists in Fortinet products, specifically FortiAnalyzer, FortiManager, and FortiAnalyzer-BigData, where improper limitations on directory paths allow a privileged attacker with administrative rights to create non-arbitrary files in a specified directory. This vulnerability can be exploited via specially crafted CLI requests, potentially compromising system integrity and access controls.",Fortinet,"Fortianalyzer,Fortimanager,Fortianalyzer Big Data",2.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2024-33505,https://securityvulnerability.io/vulnerability/CVE-2024-33505,Heap-based Buffer Overflow in Fortinet FortiAnalyzer and FortiManager Products,"A heap-based buffer overflow has been identified in Fortinet's FortiAnalyzer and FortiManager. This vulnerability affects numerous versions and can potentially allow an attacker to escalate privileges by sending specially crafted HTTP requests. The issue arises due to improper handling of buffer allocation, which can be exploited to manipulate the program's memory and execute arbitrary code. Organizations utilizing these Fortinet products should assess their systems for affected versions and apply necessary security patches and updates as advised in the official guidance.",Fortinet,"Fortimanager,Fortianalyzer,Fortimanager Cloud",7.3,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2024-32118,https://securityvulnerability.io/vulnerability/CVE-2024-32118,OS Command Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer,"Multiple vulnerabilities exist in Fortinet FortiManager and FortiAnalyzer due to improper neutralization of special elements in OS commands. An authenticated attacker with privileged access can exploit this flaw by crafting specific CLI requests. This allows unauthorized code execution, potentially compromising the integrity and confidentiality of the affected systems. All users of Fortinet's affected products are advised to review security patches and apply necessary updates to mitigate these risks.",Fortinet,"Fortimanager,Fortianalyzer,Fortianalyzer Big Data",6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2023-44255,https://securityvulnerability.io/vulnerability/CVE-2023-44255,Potential Exposure of Sensitive Information Through Crafted HTTP or HTTPS Requests,"In Fortinet FortiManager prior to version 7.4.2, FortiAnalyzer prior to version 7.4.2, and FortiAnalyzer-BigData prior to version 7.2.5, an exposure of sensitive information allows a privileged attacker with administrative read permissions to potentially access event logs pertaining to another Administrative Domain (ADOM) through specially crafted HTTP or HTTPS requests. This flaw highlights the importance of securing event log access and ensuring that sensitive information remains isolated within configured administrative boundaries.",Fortinet,"Fortimanager,Fortianalyzer",4.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-12T18:53:53.585Z,0
CVE-2024-45330,https://securityvulnerability.io/vulnerability/CVE-2024-45330,External Control of Privileges via Format String Flaw in FortiAnalyzer,"A vulnerability exists in Fortinet's FortiAnalyzer software, specifically in versions 7.4.0 through 7.4.3 and 7.2.2 through 7.2.5. This flaw stems from the use of an externally-controlled format string that allows an attacker to escalate privileges through specially crafted requests. Implementing security measures and updates is crucial for users of these affected versions to mitigate potential exploitation.",Fortinet,Fortianalyzer,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-08T14:19:03.894Z,0
CVE-2023-44254,https://securityvulnerability.io/vulnerability/CVE-2023-44254,Remote Sensitive Data Read with Low Privileges,"A vulnerability exists in Fortinet's FortiAnalyzer and FortiManager products that allows an attacker to bypass authorization controls due to user-controlled key handling. This weakness permits a remote attacker with minimal privileges to gain access to sensitive information by sending specially crafted HTTP requests. This action exploits the inadequacies in the authorization mechanisms of the affected software versions, raising significant security concerns for organizations using these products in their infrastructure.",Fortinet,"Fortianalyzer,Fortimanager",6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-09-10T14:37:45.294Z,0
CVE-2024-21757,https://securityvulnerability.io/vulnerability/CVE-2024-21757,FortiManager Password Modification Vulnerability,"The vulnerability identifies a significant security issue in Fortinet's FortiManager and FortiAnalyzer products where an unverified password change can occur. Specifically, versions 7.0.0 through 7.0.10, 7.2.0 through 7.2.4, and 7.4.0 through 7.4.1 are susceptible. An attacker can exploit this flaw to modify administrative passwords using the device configuration backup. This vulnerability underscores the necessity for implementing robust security measures and caution during backup operations.",Fortinet,"Fortimanager,Fortianalyzer",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T15:51:57.495Z,0
CVE-2023-41842,https://securityvulnerability.io/vulnerability/CVE-2023-41842,FortiManager Vulnerability Allows Privileged Attacker to Execute Unauthorized Code,"A vulnerability exists in multiple Fortinet products due to a use of externally-controlled format string, exposing the system to potential unauthorized code execution. This flaw allows a privileged attacker to inject specially crafted command arguments that could lead to execution of arbitrary code in the context of the affected application. The vulnerability affects FortiManager versions 7.4.0 to 7.4.1, 7.2.0 to 7.2.3, and versions prior to 7.0.10, as well as FortiAnalyzer in similar version ranges. Additionally, it impacts FortiAnalyzer-BigData versions prior to 7.2.5, and all versions of FortiPortal version 6.0 and 5.3. Users and administrators are urged to update their affected products to the patched versions to mitigate potential risks.",Fortinet,"Fortimanager,Fortianalyzer,Fortiportal",6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-12T15:09:16.279Z,0
CVE-2023-42791,https://securityvulnerability.io/vulnerability/CVE-2023-42791,Fortinet FortiManager Path Traversal Vulnerability Allows Unauthorized Code Execution,"A relative path traversal vulnerability exists in Fortinet FortiManager affecting various versions, enabling attackers to perform unauthorized code execution through specially crafted HTTP requests. By exploiting this vulnerability, attackers can manipulate the relative paths used by the application, potentially gaining access to sensitive files and executing unintended commands. Organizations using affected versions of FortiManager should take immediate steps to apply patches and improve their security posture. For more information and guidance, refer to Fortinet's official advisory.",Fortinet,"FortiManager,FortiAnalyzer",8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-02-20T13:19:20.221Z,0
CVE-2023-44253,https://securityvulnerability.io/vulnerability/CVE-2023-44253,FortiManager Vulnerability Allows Adom Administrator to Enumerate Other Adoms and Device Names,"An exposure of sensitive information vulnerability exists in Fortinet's FortiManager and FortiAnalyzer, where adom administrators can enumerate other administrative domains and device names via specially crafted HTTP or HTTPS requests. This vulnerability affects FortiManager versions 7.4.0 through 7.4.1 and prior versions below 7.2.5, as well as FortiAnalyzer and FortiAnalyzer-BigData in the same version range. Malicious actors could exploit this issue to gain insights into the operational environment and potentially facilitate further attacks.",Fortinet,"Fortimanager,Fortianalyzer",4.7,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-15T13:59:24.262Z,0
CVE-2023-40719,https://securityvulnerability.io/vulnerability/CVE-2023-40719,Use of Hard-Coded Credentials in Fortinet FortiAnalyzer and FortiManager Products,"A use of hard-coded credentials vulnerability exists in Fortinet's FortiAnalyzer and FortiManager products across specified versions. This flaw enables attackers to potentially gain unauthorized access to Fortinet's private testing data, compromising the integrity of sensitive information. Users are urged to review their deployment and implement necessary security measures to mitigate this vulnerability.",Fortinet,"Fortianalyzer,Fortimanager",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-11-14T19:15:00.000Z,0
CVE-2023-44256,https://securityvulnerability.io/vulnerability/CVE-2023-44256,Server-Side Request Forgery Vulnerability in Fortinet FortiAnalyzer and FortiManager,"A server-side request forgery vulnerability found in Fortinet's FortiAnalyzer and FortiManager products allows remote attackers with low privileges to exploit internal systems. By crafting specific HTTP requests, these attackers can gain unauthorized access to sensitive data residing within the internal servers or conduct a local port scan. This vulnerability has implications for information confidentiality and organizational security, necessitating immediate attention and remediation.",Fortinet,"Fortianalyzer,Fortimanager",6.4,MEDIUM,0.0019499999471008778,false,,false,false,false,,,false,false,,2023-10-20T10:15:00.000Z,0
CVE-2023-41838,https://securityvulnerability.io/vulnerability/CVE-2023-41838,OS Command Injection Vulnerability in FortiManager by Fortinet,"A vulnerability exists in FortiManager that allows for OS command injection due to improper neutralization of special elements in commands. This may enable an attacker to execute unauthorized code or commands through the FortiManager CLI, potentially compromising the security of affected systems. Ensure timely updates and configurations to mitigate the risks associated with this vulnerability. For detailed information, refer to Fortinet's advisory.",Fortinet,"Fortianalyzer,Fortimanager",6.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-42782,https://securityvulnerability.io/vulnerability/CVE-2023-42782,Insufficient Data Verification in Fortinet FortiAnalyzer Affects Product Security,"A vulnerability exists in FortiAnalyzer version 7.4.0 and earlier 7.2.3, allowing a remote attacker to exploit insufficient verification of data authenticity. By knowing the serial number of an authorized device, an unauthenticated attacker can send messages to the syslog server, potentially compromising the messaging integrity and confidentiality.",Fortinet,Fortianalyzer,5,MEDIUM,0.0011099999537691474,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-42788,https://securityvulnerability.io/vulnerability/CVE-2023-42788,OS Command Injection Vulnerability in FortiManager and FortiAnalyzer by Fortinet,"An OS command injection vulnerability exists in FortiManager and FortiAnalyzer that may allow a local attacker with limited privileges to execute arbitrary code. This vulnerability arises from improper handling of specially crafted arguments to CLI commands in various versions. Successful exploitation could lead to unauthorized actions on the system, making it essential for users to apply appropriate security measures and software updates as outlined in Fortinet's advisory.",Fortinet,"Fortianalyzer,Fortimanager",7.6,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-44249,https://securityvulnerability.io/vulnerability/CVE-2023-44249,Authorization Bypass in Fortinet FortiManager and FortiAnalyzer Products,"A vulnerability exists in Fortinet's FortiManager and FortiAnalyzer products that allows an attacker with low privileges to bypass authorization controls. This security flaw enables unauthorized access to sensitive information by sending specially crafted HTTP requests. It affects FortiManager versions up to 7.2.3 and FortiAnalyzer versions up to 7.2.3, posing a significant risk if not mitigated.",Fortinet,"FortiManager,FortiAnalyzer",6.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-42787,https://securityvulnerability.io/vulnerability/CVE-2023-42787,Client-Side Security Flaw in Fortinet FortiManager and FortiAnalyzer,"A vulnerability exists in Fortinet FortiManager and FortiAnalyzer that could enable remote attackers with limited privileges to gain unauthorized access to a sensitive web console through improper enforcement of server-side security measures. This issue arises from vulnerabilities in client-side code execution, impacting the integrity and confidentiality of the systems.",Fortinet,"FortiManager,FortiAnalyzer",6.5,MEDIUM,0.001970000099390745,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0