cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-27486,https://securityvulnerability.io/vulnerability/CVE-2022-27486,Fortinet's FortiDDoS Vulnerable to Command Injection Attacks,"An OS command injection vulnerability exists in Fortinet FortiDDoS, allowing authenticated attackers to execute arbitrary shell commands as root through crafted execute CLI commands. Multiple versions of both FortiDDoS and FortiDDoS-F products are affected. This security lapse can lead to unauthorized control over the device, posing significant risks to system integrity and data security.",Fortinet,"Fortiddos,Fortiddos-f",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T15:51:57.242Z,0
CVE-2023-25603,https://securityvulnerability.io/vulnerability/CVE-2023-25603,,"A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.",Fortinet,"Fortiddos-f,Fortiadc",5.4,MEDIUM,0.0013699999544769526,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0
CVE-2023-29177,https://securityvulnerability.io/vulnerability/CVE-2023-29177,,Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.,Fortinet,"Fortiddos-f,Fortiadc",6.2,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0
CVE-2022-40679,https://securityvulnerability.io/vulnerability/CVE-2022-40679,Command Injection Vulnerability in Fortinet Products,"An improper neutralization of special elements used in an OS command vulnerability exists in FortiADC and FortiDDoS products, enabling authenticated attackers to execute unauthorized commands by leveraging specifically crafted arguments. This weakness affects various versions across both product lines, highlighting the importance of keeping systems updated and applying necessary patches to mitigate potential exploitation. Organizations using Fortinet's solutions should review their configurations and work towards implementing recommended security practices to protect against this vulnerability.",Fortinet,"Fortiddos,Fortiddos-f,Fortiadc",7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-04-11T16:05:49.688Z,0
CVE-2022-29060,https://securityvulnerability.io/vulnerability/CVE-2022-29060,,"A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.",Fortinet,Fortinet Fortiddos,8.1,HIGH,0.002630000002682209,false,false,false,false,,false,false,2022-07-19T14:15:00.000Z,0