cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-50563,https://securityvulnerability.io/vulnerability/CVE-2024-50563,Weak Authentication Vulnerability in Fortinet FortiManager and FortiAnalyzer Cloud,A vulnerability exists in Fortinet's FortiManager and FortiAnalyzer Cloud due to weak authentication mechanisms. This flaw allows attackers to execute unauthorized commands or code by exploiting brute-force techniques to gain access to the affected products. Administrators are urged to implement more robust authentication measures to mitigate risks associated with unauthorized access.,Fortinet,"Fortianalyzer,Fortimanager",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-16T09:16:52.864Z,0
CVE-2024-45331,https://securityvulnerability.io/vulnerability/CVE-2024-45331,Incorrect Privilege Assignment in Fortinet FortiAnalyzer and FortiManager,"Fortinet FortiAnalyzer and FortiManager products are affected by a vulnerability that allows an attacker to escalate privileges through specific shell commands. This could potentially enable unauthorized users to gain higher-level access within the system, compromising sensitive data and system integrity. This issue exists across multiple versions of both FortiAnalyzer and FortiManager, highlighting the importance for users to apply updates and patches promptly.",Fortinet,"Fortianalyzer,Fortimanager",6.9,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-16T08:59:23.201Z,0
CVE-2024-33502,https://securityvulnerability.io/vulnerability/CVE-2024-33502,Path Traversal Vulnerability in Fortinet FortiManager and FortiAnalyzer,"A flaw has been identified in Fortinet’s FortiManager and FortiAnalyzer products, allowing an improper limitation of a pathname to a restricted directory. This vulnerability enables attackers to potentially execute unauthorized code or commands by crafting malicious HTTP or HTTPS requests, exposing systems to significant risk. It affects multiple versions of both FortiManager and FortiAnalyzer across different series, making it critical for organizations to assess their systems and apply necessary mitigations.",Fortinet,"Fortimanager,Fortianalyzer",6.4,MEDIUM,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2021-32589,https://securityvulnerability.io/vulnerability/CVE-2021-32589,Use After Free Vulnerability in Fortinet FortiManager and FortiAnalyzer,"CVE-2021-32589 is a high-severity vulnerability discovered in Fortinet's FortiManager and FortiAnalyzer products. This vulnerability arises from a use after free scenario, which could allow an attacker to execute unauthorized code or commands on the affected systems. Exploiting this flaw could lead to significant security breaches, making it critical for users to apply recommended patches and updates immediately to protect their infrastructure. For more details, refer to the official Fortinet security advisory.",Fortinet,"Fortimanager,Fortianalyzer",7.7,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T12:22:32.543Z,0
CVE-2024-35274,https://securityvulnerability.io/vulnerability/CVE-2024-35274,Path Traversal Vulnerability in Fortinet FortiAnalyzer and FortiManager,"A vulnerability exists in Fortinet products, specifically FortiAnalyzer, FortiManager, and FortiAnalyzer-BigData, where improper limitations on directory paths allow a privileged attacker with administrative rights to create non-arbitrary files in a specified directory. This vulnerability can be exploited via specially crafted CLI requests, potentially compromising system integrity and access controls.",Fortinet,"Fortianalyzer,Fortimanager,Fortianalyzer Big Data",2.3,LOW,0.0004400000034365803,false,false,false,false,,false,false,2024-11-12T19:15:00.000Z,0
CVE-2024-32118,https://securityvulnerability.io/vulnerability/CVE-2024-32118,OS Command Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer,"Multiple vulnerabilities exist in Fortinet FortiManager and FortiAnalyzer due to improper neutralization of special elements in OS commands. An authenticated attacker with privileged access can exploit this flaw by crafting specific CLI requests. This allows unauthorized code execution, potentially compromising the integrity and confidentiality of the affected systems. All users of Fortinet's affected products are advised to review security patches and apply necessary updates to mitigate these risks.",Fortinet,"Fortimanager,Fortianalyzer,Fortianalyzer Big Data",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T19:15:00.000Z,0
CVE-2023-44255,https://securityvulnerability.io/vulnerability/CVE-2023-44255,Potential Exposure of Sensitive Information Through Crafted HTTP or HTTPS Requests,"In Fortinet FortiManager prior to version 7.4.2, FortiAnalyzer prior to version 7.4.2, and FortiAnalyzer-BigData prior to version 7.2.5, an exposure of sensitive information allows a privileged attacker with administrative read permissions to potentially access event logs pertaining to another Administrative Domain (ADOM) through specially crafted HTTP or HTTPS requests. This flaw highlights the importance of securing event log access and ensuring that sensitive information remains isolated within configured administrative boundaries.",Fortinet,"Fortimanager,Fortianalyzer",3.9,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T18:53:53.585Z,0
CVE-2023-44254,https://securityvulnerability.io/vulnerability/CVE-2023-44254,Remote Sensitive Data Read with Low Privileges,"A vulnerability exists in Fortinet's FortiAnalyzer and FortiManager products that allows an attacker to bypass authorization controls due to user-controlled key handling. This weakness permits a remote attacker with minimal privileges to gain access to sensitive information by sending specially crafted HTTP requests. This action exploits the inadequacies in the authorization mechanisms of the affected software versions, raising significant security concerns for organizations using these products in their infrastructure.",Fortinet,"Fortianalyzer,Fortimanager",6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-09-10T14:37:45.294Z,0
CVE-2024-21757,https://securityvulnerability.io/vulnerability/CVE-2024-21757,FortiManager Password Modification Vulnerability,"The vulnerability identifies a significant security issue in Fortinet's FortiManager and FortiAnalyzer products where an unverified password change can occur. Specifically, versions 7.0.0 through 7.0.10, 7.2.0 through 7.2.4, and 7.4.0 through 7.4.1 are susceptible. An attacker can exploit this flaw to modify administrative passwords using the device configuration backup. This vulnerability underscores the necessity for implementing robust security measures and caution during backup operations.",Fortinet,"Fortimanager,Fortianalyzer",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T15:51:57.495Z,0
CVE-2023-41842,https://securityvulnerability.io/vulnerability/CVE-2023-41842,FortiManager Vulnerability Allows Privileged Attacker to Execute Unauthorized Code,"A vulnerability exists in multiple Fortinet products due to a use of externally-controlled format string, exposing the system to potential unauthorized code execution. This flaw allows a privileged attacker to inject specially crafted command arguments that could lead to execution of arbitrary code in the context of the affected application. The vulnerability affects FortiManager versions 7.4.0 to 7.4.1, 7.2.0 to 7.2.3, and versions prior to 7.0.10, as well as FortiAnalyzer in similar version ranges. Additionally, it impacts FortiAnalyzer-BigData versions prior to 7.2.5, and all versions of FortiPortal version 6.0 and 5.3. Users and administrators are urged to update their affected products to the patched versions to mitigate potential risks.",Fortinet,"Fortimanager,Fortianalyzer,Fortiportal",6.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-12T15:09:16.279Z,0
CVE-2023-42791,https://securityvulnerability.io/vulnerability/CVE-2023-42791,Fortinet FortiManager Path Traversal Vulnerability Allows Unauthorized Code Execution,"A relative path traversal vulnerability exists in Fortinet FortiManager affecting various versions, enabling attackers to perform unauthorized code execution through specially crafted HTTP requests. By exploiting this vulnerability, attackers can manipulate the relative paths used by the application, potentially gaining access to sensitive files and executing unintended commands. Organizations using affected versions of FortiManager should take immediate steps to apply patches and improve their security posture. For more information and guidance, refer to Fortinet's official advisory.",Fortinet,"FortiManager,FortiAnalyzer",8.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-02-20T13:19:20.221Z,0
CVE-2023-44253,https://securityvulnerability.io/vulnerability/CVE-2023-44253,FortiManager Vulnerability Allows Adom Administrator to Enumerate Other Adoms and Device Names,"An exposure of sensitive information vulnerability exists in Fortinet's FortiManager and FortiAnalyzer, where adom administrators can enumerate other administrative domains and device names via specially crafted HTTP or HTTPS requests. This vulnerability affects FortiManager versions 7.4.0 through 7.4.1 and prior versions below 7.2.5, as well as FortiAnalyzer and FortiAnalyzer-BigData in the same version range. Malicious actors could exploit this issue to gain insights into the operational environment and potentially facilitate further attacks.",Fortinet,"Fortimanager,Fortianalyzer",4.7,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-02-15T13:59:24.262Z,0
CVE-2023-40719,https://securityvulnerability.io/vulnerability/CVE-2023-40719,Use of Hard-Coded Credentials in Fortinet FortiAnalyzer and FortiManager Products,"A use of hard-coded credentials vulnerability exists in Fortinet's FortiAnalyzer and FortiManager products across specified versions. This flaw enables attackers to potentially gain unauthorized access to Fortinet's private testing data, compromising the integrity of sensitive information. Users are urged to review their deployment and implement necessary security measures to mitigate this vulnerability.",Fortinet,"Fortianalyzer,Fortimanager",4.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0
CVE-2023-44256,https://securityvulnerability.io/vulnerability/CVE-2023-44256,,"A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.",Fortinet,"Fortianalyzer,Fortimanager",6.4,MEDIUM,0.0019499999471008778,false,false,false,false,,false,false,2023-10-20T10:15:00.000Z,0
CVE-2023-25607,https://securityvulnerability.io/vulnerability/CVE-2023-25607,"OS Command Injection Vulnerability in FortiManager, FortiAnalyzer, and FortiADC","This vulnerability arises from inadequate neutralization of special elements used in OS commands within FortiManager, FortiAnalyzer, and FortiADC management interfaces. It potentially allows an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell through unsafe usage of the wordexp function. This could lead to unauthorized access and manipulation of the underlying system.",Fortinet,"Fortianalyzer,Fortimanager,Fortiadc",7.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-41838,https://securityvulnerability.io/vulnerability/CVE-2023-41838,,An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands via FortiManager cli.,Fortinet,"Fortianalyzer,Fortimanager",6.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-42788,https://securityvulnerability.io/vulnerability/CVE-2023-42788,OS Command Injection Vulnerability in FortiManager and FortiAnalyzer by Fortinet,"An OS command injection vulnerability exists in FortiManager and FortiAnalyzer that may allow a local attacker with limited privileges to execute arbitrary code. This vulnerability arises from improper handling of specially crafted arguments to CLI commands in various versions. Successful exploitation could lead to unauthorized actions on the system, making it essential for users to apply appropriate security measures and software updates as outlined in Fortinet's advisory.",Fortinet,"Fortianalyzer,Fortimanager",7.6,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-42787,https://securityvulnerability.io/vulnerability/CVE-2023-42787,,A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.,Fortinet,"FortiManager,FortiAnalyzer",6.5,MEDIUM,0.001970000099390745,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-44249,https://securityvulnerability.io/vulnerability/CVE-2023-44249,,An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.,Fortinet,"FortiManager,FortiAnalyzer",6.5,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-36638,https://securityvulnerability.io/vulnerability/CVE-2023-36638,,"An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.",Fortinet,"Fortimanager,Fortianalyzer",4.2,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-09-13T13:15:00.000Z,0
CVE-2022-22305,https://securityvulnerability.io/vulnerability/CVE-2022-22305,,"An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.",Fortinet,"Fortianalyzer,Fortisandbox,Fortimanager",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2023-09-01T11:43:03.878Z,0
CVE-2021-43072,https://securityvulnerability.io/vulnerability/CVE-2021-43072,"Buffer Overflow in Fortinet FortiAnalyzer, FortiManager, and FortiOS","A buffer copy without size checks vulnerability exists in Fortinet's FortiAnalyzer, FortiManager, FortiOS, and FortiProxy products. This flaw allows attackers to execute unauthorized commands or code through specially crafted CLI operations such as `execute restore image` and `execute certificate remote`, leveraging the tFTP protocol. Affected versions span various releases, creating significant risks for systems that remain unpatched.",Fortinet,"Fortianalyzer,Fortimanager",6.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T00:01:04.306Z,0
CVE-2023-25606,https://securityvulnerability.io/vulnerability/CVE-2023-25606,,"An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.",Fortinet,"Fortimanager,Fortianalyzer",6.2,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2023-07-11T17:15:00.000Z,0
CVE-2023-25609,https://securityvulnerability.io/vulnerability/CVE-2023-25609,,"A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.",Fortinet,"Fortianalyzer,Fortimanager",4.2,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2023-22642,https://securityvulnerability.io/vulnerability/CVE-2023-22642,,"An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert resources.",Fortinet,"Fortianalyzer,Fortimanager",6.8,MEDIUM,0.001129999989643693,false,false,false,false,,false,false,2023-04-11T17:15:00.000Z,0