cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-23663,https://securityvulnerability.io/vulnerability/CVE-2024-23663,Improper Access Control in FortiExtender Could Lead to Elevated Privileges,"An improper access control vulnerability in Fortinet FortiExtender versions 4.1.1 to 4.1.9, 4.2.0 to 4.2.6, 5.3.2, 7.0.0 to 7.0.4, 7.2.0 to 7.2.4, and 7.4.0 to 7.4.2 can be exploited by attackers to create users with elevated privileges. This vulnerability arises from a failure to adequately control access rights, allowing unauthorized alteration of user roles through specially crafted HTTP requests.",Fortinet,Fortiextender Firmware,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-07-09T16:15:00.000Z,0
CVE-2022-23447,https://securityvulnerability.io/vulnerability/CVE-2022-23447,Path Traversal Vulnerability in FortiExtender Management Interface,"A path traversal vulnerability exists in the FortiExtender management interface, affecting multiple versions across different releases. This flaw allows unauthenticated attackers to exploit the system by sending crafted web requests that facilitate unauthorized access to arbitrary files on the server's filesystem, potentially leading to data exposure and security breaches.",Fortinet,Fortiextender,7.3,HIGH,0.0015899999998509884,false,false,false,false,,false,false,2023-07-11T16:52:42.353Z,0
CVE-2022-27489,https://securityvulnerability.io/vulnerability/CVE-2022-27489,OS Command Injection Vulnerability in Fortinet FortiExtender,"An OS command injection vulnerability exists in Fortinet FortiExtender versions 7.0.0 to 7.0.3, 5.3.2, and 4.2.4 and below, allowing attackers to execute unauthorized code through specially crafted HTTP requests. This vulnerability arises from improper neutralization of special elements used in OS commands, potentially leading to severe security breaches. Fortinet recommends applying the latest updates to mitigate these risks.",Fortinet,Fortiextender,7,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2023-02-16T18:06:40.150Z,0
CVE-2021-41016,https://securityvulnerability.io/vulnerability/CVE-2021-41016,,"An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters",Fortinet,Fortiextender Firmware,7.8,HIGH,0.0029899999499320984,false,false,false,false,,false,false,2022-02-02T10:58:37.000Z,0
CVE-2019-15710,https://securityvulnerability.io/vulnerability/CVE-2019-15710,,"An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ""execute date"" commands.",Fortinet,Fortiextender,7.2,HIGH,0.0016199999954551458,false,false,false,false,,false,false,2019-10-31T19:26:14.000Z,0