cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-40584,https://securityvulnerability.io/vulnerability/CVE-2024-40584,OS Command Injection Vulnerability in Fortinet FortiAnalyzer and FortiManager Products,"An OS command injection vulnerability allows an authenticated privileged attacker to execute unauthorized commands or code through specially crafted HTTP or HTTPS requests in multiple versions of Fortinet's FortiAnalyzer and FortiManager products. This flaw could lead to unauthorized access and execution of arbitrary commands, potentially compromising system integrity and data security.",Fortinet,"Fortianalyzer,Fortimanager",6.8,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:07.423Z,0
CVE-2024-36508,https://securityvulnerability.io/vulnerability/CVE-2024-36508,Path Traversal Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An improper limitation of a pathname vulnerability exists in Fortinet FortiManager and FortiAnalyzer, allowing an authenticated administrator with diagnose privileges to exploit this flaw. This vulnerability enables the deletion of files from the system, which can lead to significant security concerns. System administrators should ensure their installations are updated to the latest versions to mitigate these risks.",Fortinet,"Fortimanager,Fortianalyzer",5.9,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:07.321Z,0
CVE-2024-33504,https://securityvulnerability.io/vulnerability/CVE-2024-33504,Cryptographic Flaw in FortiManager Affects Data Security,"A vulnerability has been identified in FortiManager that involves the use of hard-coded cryptographic keys for encrypting sensitive data. This issue affects multiple versions of FortiManager, allowing attackers with appropriate JSON API access to decrypt confidential information, even when the 'private-data-encryption' feature is supposed to be operational. This undermines the integrity and confidentiality of data, exposing it to potential unauthorized access.",Fortinet,Fortimanager,3.9,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:03.258Z,0
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2024-50563,https://securityvulnerability.io/vulnerability/CVE-2024-50563,Weak Authentication Vulnerability in Fortinet FortiManager and FortiAnalyzer Cloud,A vulnerability exists in Fortinet's FortiManager and FortiAnalyzer Cloud due to weak authentication mechanisms. This flaw allows attackers to execute unauthorized commands or code by exploiting brute-force techniques to gain access to the affected products. Administrators are urged to implement more robust authentication measures to mitigate risks associated with unauthorized access.,Fortinet,"Fortianalyzer,Fortimanager",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-16T09:16:52.864Z,0
CVE-2024-45331,https://securityvulnerability.io/vulnerability/CVE-2024-45331,Incorrect Privilege Assignment in Fortinet FortiAnalyzer and FortiManager,"Fortinet FortiAnalyzer and FortiManager products are affected by a vulnerability that allows an attacker to escalate privileges through specific shell commands. This could potentially enable unauthorized users to gain higher-level access within the system, compromising sensitive data and system integrity. This issue exists across multiple versions of both FortiAnalyzer and FortiManager, highlighting the importance for users to apply updates and patches promptly.",Fortinet,"Fortianalyzer,Fortimanager",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T08:59:23.201Z,0
CVE-2024-48884,https://securityvulnerability.io/vulnerability/CVE-2024-48884,Path Traversal Vulnerability in Fortinet FortiManager and Related Products,"A path traversal flaw in Fortinet's FortiManager and associated products allows attackers to exploit improperly limited paths to access restricted directories. This vulnerability could allow an unauthorized escalation of privileges through carefully crafted packets, putting sensitive data and functionalities at risk. Fortinet has outlined the affected versions across several product lines, highlighting the need for immediate attention and remediation.",Fortinet,"Fortimanager,FortiOS,Fortiproxy",9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-33502,https://securityvulnerability.io/vulnerability/CVE-2024-33502,Path Traversal Vulnerability in Fortinet FortiManager and FortiAnalyzer,"A flaw has been identified in Fortinet’s FortiManager and FortiAnalyzer products, allowing an improper limitation of a pathname to a restricted directory. This vulnerability enables attackers to potentially execute unauthorized code or commands by crafting malicious HTTP or HTTPS requests, exposing systems to significant risk. It affects multiple versions of both FortiManager and FortiAnalyzer across different series, making it critical for organizations to assess their systems and apply necessary mitigations.",Fortinet,"Fortimanager,Fortianalyzer",7.2,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-35277,https://securityvulnerability.io/vulnerability/CVE-2024-35277,Authentication Bypass in Fortinet FortiPortal and FortiManager Products,"A vulnerability exists in Fortinet's FortiPortal and FortiManager products due to missing authentication for critical functionality. Attackers can exploit this weakness by sending specially crafted packets to gain unauthorized access to the configuration settings of managed devices. This oversight presents a significant security risk, potentially allowing malicious actors to manipulate device configurations without proper authorization.",Fortinet,Fortimanager,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2021-32589,https://securityvulnerability.io/vulnerability/CVE-2021-32589,Use After Free Vulnerability in Fortinet FortiManager and FortiAnalyzer,"CVE-2021-32589 is a high-severity vulnerability discovered in Fortinet's FortiManager and FortiAnalyzer products. This vulnerability arises from a use after free scenario, which could allow an attacker to execute unauthorized code or commands on the affected systems. Exploiting this flaw could lead to significant security breaches, making it critical for users to apply recommended patches and updates immediately to protect their infrastructure. For more details, refer to the official Fortinet security advisory.",Fortinet,"Fortimanager,Fortianalyzer",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-12-19T12:22:32.543Z,0
CVE-2024-48889,https://securityvulnerability.io/vulnerability/CVE-2024-48889,OS Command Injection Vulnerability in FortiManager by Fortinet,"The vulnerability presents an OS Command Injection risk, where improper neutralization of special elements allows an authenticated remote attacker to execute unauthorized commands. This affects multiple versions of FortiManager and FortiManager Cloud, posing significant security risks if exploited. Crafting specific FGFM requests could enable attackers to run arbitrary code, potentially compromising the integrity and availability of the affected systems.",Fortinet,Fortimanager,7.2,HIGH,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-12-18T13:15:00.000Z,0
CVE-2024-32118,https://securityvulnerability.io/vulnerability/CVE-2024-32118,OS Command Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer,"Multiple vulnerabilities exist in Fortinet FortiManager and FortiAnalyzer due to improper neutralization of special elements in OS commands. An authenticated attacker with privileged access can exploit this flaw by crafting specific CLI requests. This allows unauthorized code execution, potentially compromising the integrity and confidentiality of the affected systems. All users of Fortinet's affected products are advised to review security patches and apply necessary updates to mitigate these risks.",Fortinet,"Fortimanager,Fortianalyzer,Fortianalyzer Big Data",6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2024-35274,https://securityvulnerability.io/vulnerability/CVE-2024-35274,Path Traversal Vulnerability in Fortinet FortiAnalyzer and FortiManager,"A vulnerability exists in Fortinet products, specifically FortiAnalyzer, FortiManager, and FortiAnalyzer-BigData, where improper limitations on directory paths allow a privileged attacker with administrative rights to create non-arbitrary files in a specified directory. This vulnerability can be exploited via specially crafted CLI requests, potentially compromising system integrity and access controls.",Fortinet,"Fortianalyzer,Fortimanager,Fortianalyzer Big Data",2.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2024-33505,https://securityvulnerability.io/vulnerability/CVE-2024-33505,Heap-based Buffer Overflow in Fortinet FortiAnalyzer and FortiManager Products,"A heap-based buffer overflow has been identified in Fortinet's FortiAnalyzer and FortiManager. This vulnerability affects numerous versions and can potentially allow an attacker to escalate privileges by sending specially crafted HTTP requests. The issue arises due to improper handling of buffer allocation, which can be exploited to manipulate the program's memory and execute arbitrary code. Organizations utilizing these Fortinet products should assess their systems for affected versions and apply necessary security patches and updates as advised in the official guidance.",Fortinet,"Fortimanager,Fortianalyzer,Fortimanager Cloud",7.3,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2023-44255,https://securityvulnerability.io/vulnerability/CVE-2023-44255,Potential Exposure of Sensitive Information Through Crafted HTTP or HTTPS Requests,"In Fortinet FortiManager prior to version 7.4.2, FortiAnalyzer prior to version 7.4.2, and FortiAnalyzer-BigData prior to version 7.2.5, an exposure of sensitive information allows a privileged attacker with administrative read permissions to potentially access event logs pertaining to another Administrative Domain (ADOM) through specially crafted HTTP or HTTPS requests. This flaw highlights the importance of securing event log access and ensuring that sensitive information remains isolated within configured administrative boundaries.",Fortinet,"Fortimanager,Fortianalyzer",4.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-12T18:53:53.585Z,0
CVE-2024-47575,https://securityvulnerability.io/vulnerability/CVE-2024-47575,Specially crafted requests can execute arbitrary code or commands in FortiManager,"A critical security vulnerability exists in Fortinet's FortiManager products due to missing authentication for a critical function. This flaw enables attackers to send specially crafted requests that may allow arbitrary code execution or command execution on the affected devices. This vulnerability affects multiple versions of FortiManager and FortiManager Cloud, emphasizing the need for immediate attention and remediation to safeguard systems against potential exploitation.",Fortinet,Fortimanager,9.8,CRITICAL,0.8714600205421448,true,2024-10-23T00:00:00.000Z,true,true,true,2024-10-23T00:00:00.000Z,true,true,true,2024-10-27T12:23:45.625Z,2024-10-23T15:15:00.000Z,36364
CVE-2024-33506,https://securityvulnerability.io/vulnerability/CVE-2024-33506,Unauthorized Access to Sensitive Information via Crafted HTTP Requests,"An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests.",Fortinet,Fortimanager,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-08T14:19:03.883Z,0
CVE-2023-44254,https://securityvulnerability.io/vulnerability/CVE-2023-44254,Remote Sensitive Data Read with Low Privileges,"A vulnerability exists in Fortinet's FortiAnalyzer and FortiManager products that allows an attacker to bypass authorization controls due to user-controlled key handling. This weakness permits a remote attacker with minimal privileges to gain access to sensitive information by sending specially crafted HTTP requests. This action exploits the inadequacies in the authorization mechanisms of the affected software versions, raising significant security concerns for organizations using these products in their infrastructure.",Fortinet,"Fortianalyzer,Fortimanager",6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-09-10T14:37:45.294Z,0
CVE-2024-21757,https://securityvulnerability.io/vulnerability/CVE-2024-21757,FortiManager Password Modification Vulnerability,"The vulnerability identifies a significant security issue in Fortinet's FortiManager and FortiAnalyzer products where an unverified password change can occur. Specifically, versions 7.0.0 through 7.0.10, 7.2.0 through 7.2.4, and 7.4.0 through 7.4.1 are susceptible. An attacker can exploit this flaw to modify administrative passwords using the device configuration backup. This vulnerability underscores the necessity for implementing robust security measures and caution during backup operations.",Fortinet,"Fortimanager,Fortianalyzer",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T15:51:57.495Z,0
CVE-2023-47542,https://securityvulnerability.io/vulnerability/CVE-2023-47542,FortiManager Template Engine Vulnerability Allows Unauthorized Code Execution,"An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates.",Fortinet,Fortimanager,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-09T14:24:24.616Z,0
CVE-2023-41842,https://securityvulnerability.io/vulnerability/CVE-2023-41842,FortiManager Vulnerability Allows Privileged Attacker to Execute Unauthorized Code,"A vulnerability exists in multiple Fortinet products due to a use of externally-controlled format string, exposing the system to potential unauthorized code execution. This flaw allows a privileged attacker to inject specially crafted command arguments that could lead to execution of arbitrary code in the context of the affected application. The vulnerability affects FortiManager versions 7.4.0 to 7.4.1, 7.2.0 to 7.2.3, and versions prior to 7.0.10, as well as FortiAnalyzer in similar version ranges. Additionally, it impacts FortiAnalyzer-BigData versions prior to 7.2.5, and all versions of FortiPortal version 6.0 and 5.3. Users and administrators are urged to update their affected products to the patched versions to mitigate potential risks.",Fortinet,"Fortimanager,Fortianalyzer,Fortiportal",6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-12T15:09:16.279Z,0
CVE-2023-36554,https://securityvulnerability.io/vulnerability/CVE-2023-36554,Unauthorized Code Execution Vulnerability in FortiManager,"A vulnerability exists within Fortinet FortiManager that enables an attacker to gain unauthorized access to the system. This security issue arises from improper access control mechanisms across several versions, permitting unauthorized code execution through specially crafted HTTP requests. Administrators are advised to urgently assess their systems for this vulnerability to prevent potential exploitation that may compromise the security integrity of their networks.",Fortinet,Fortimanager,7.7,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2024-03-12T15:09:16.256Z,0
CVE-2023-42791,https://securityvulnerability.io/vulnerability/CVE-2023-42791,Fortinet FortiManager Path Traversal Vulnerability Allows Unauthorized Code Execution,"A relative path traversal vulnerability exists in Fortinet FortiManager affecting various versions, enabling attackers to perform unauthorized code execution through specially crafted HTTP requests. By exploiting this vulnerability, attackers can manipulate the relative paths used by the application, potentially gaining access to sensitive files and executing unintended commands. Organizations using affected versions of FortiManager should take immediate steps to apply patches and improve their security posture. For more information and guidance, refer to Fortinet's official advisory.",Fortinet,"FortiManager,FortiAnalyzer",8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-02-20T13:19:20.221Z,0
CVE-2023-44253,https://securityvulnerability.io/vulnerability/CVE-2023-44253,FortiManager Vulnerability Allows Adom Administrator to Enumerate Other Adoms and Device Names,"An exposure of sensitive information vulnerability exists in Fortinet's FortiManager and FortiAnalyzer, where adom administrators can enumerate other administrative domains and device names via specially crafted HTTP or HTTPS requests. This vulnerability affects FortiManager versions 7.4.0 through 7.4.1 and prior versions below 7.2.5, as well as FortiAnalyzer and FortiAnalyzer-BigData in the same version range. Malicious actors could exploit this issue to gain insights into the operational environment and potentially facilitate further attacks.",Fortinet,"Fortimanager,Fortianalyzer",4.7,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-15T13:59:24.262Z,0
CVE-2023-40719,https://securityvulnerability.io/vulnerability/CVE-2023-40719,Use of Hard-Coded Credentials in Fortinet FortiAnalyzer and FortiManager Products,"A use of hard-coded credentials vulnerability exists in Fortinet's FortiAnalyzer and FortiManager products across specified versions. This flaw enables attackers to potentially gain unauthorized access to Fortinet's private testing data, compromising the integrity of sensitive information. Users are urged to review their deployment and implement necessary security measures to mitigate this vulnerability.",Fortinet,"Fortianalyzer,Fortimanager",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-11-14T19:15:00.000Z,0