cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2022-27486,https://securityvulnerability.io/vulnerability/CVE-2022-27486,Fortinet's FortiDDoS Vulnerable to Command Injection Attacks,"An OS command injection vulnerability exists in Fortinet FortiDDoS, allowing authenticated attackers to execute arbitrary shell commands as root through crafted execute CLI commands. Multiple versions of both FortiDDoS and FortiDDoS-F products are affected. This security lapse can lead to unauthorized control over the device, posing significant risks to system integrity and data security.",Fortinet,"Fortiddos,Fortiddos-f",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T15:51:57.242Z,0
CVE-2023-25603,https://securityvulnerability.io/vulnerability/CVE-2023-25603,Permissive Cross-Domain Policy Vulnerability in Fortinet FortiADC and FortiDDoS,A permissive cross-domain policy vulnerability found in Fortinet FortiADC and FortiDDoS products exposes systems to significant security risks. This flaw allows unauthorized attackers to execute privileged actions and access sensitive information by exploiting untrusted domain permissions through specially crafted web requests. Organizations using the affected versions are advised to take immediate action to secure their systems by updating to the patched versions.,Fortinet,"Fortiddos-f,Fortiadc",5.4,MEDIUM,0.0013699999544769526,false,,false,false,false,,,false,false,,2023-11-14T19:15:00.000Z,0
CVE-2023-29177,https://securityvulnerability.io/vulnerability/CVE-2023-29177,Buffer Overflow Vulnerabilities in Fortinet's FortiADC and FortiDDoS-F Products,"Fortinet's FortiADC and FortiDDoS-F products are impacted by multiple buffer overflow vulnerabilities that occur due to improper size checks during buffer copy operations. These vulnerabilities could allow a privileged attacker to craft malicious Command-Line Interface (CLI) requests, potentially leading to arbitrary code execution or command execution in the affected systems. It is essential for users of FortiADC versions up to 7.2.0 and FortiDDoS-F versions up to 6.5.0 to apply the necessary updates to mitigate these risks.",Fortinet,"Fortiddos-f,Fortiadc",6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-14T19:15:00.000Z,0
CVE-2022-40679,https://securityvulnerability.io/vulnerability/CVE-2022-40679,Command Injection Vulnerability in Fortinet Products,"An improper neutralization of special elements used in an OS command vulnerability exists in FortiADC and FortiDDoS products, enabling authenticated attackers to execute unauthorized commands by leveraging specifically crafted arguments. This weakness affects various versions across both product lines, highlighting the importance of keeping systems updated and applying necessary patches to mitigate potential exploitation. Organizations using Fortinet's solutions should review their configurations and work towards implementing recommended security practices to protect against this vulnerability.",Fortinet,"Fortiddos,Fortiddos-f,Fortiadc",7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-11T16:05:49.688Z,0
CVE-2022-29060,https://securityvulnerability.io/vulnerability/CVE-2022-29060,Hard-Coded Cryptographic Key Vulnerability in FortiDDoS by Fortinet,"FortiDDoS suffers from a vulnerability that involves the use of hard-coded cryptographic keys, which may allow attackers to extract keys from the device. If an attacker successfully retrieves the hard-coded key, they could misuse it to sign JWT tokens on behalf of any device that utilizes the compromised key, leading to potential unauthorized access and control over those devices. Affected versions span from 5.1.0 to 5.5.1, necessitating prompt attention from users to mitigate risks associated with this vulnerability.",Fortinet,Fortinet Fortiddos,8.1,HIGH,0.002630000002682209,false,,false,false,false,,,false,false,,2022-07-19T14:15:00.000Z,0