cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-32589,https://securityvulnerability.io/vulnerability/CVE-2021-32589,Use After Free Vulnerability in Fortinet FortiManager and FortiAnalyzer,"CVE-2021-32589 is a high-severity vulnerability discovered in Fortinet's FortiManager and FortiAnalyzer products. This vulnerability arises from a use after free scenario, which could allow an attacker to execute unauthorized code or commands on the affected systems. Exploiting this flaw could lead to significant security breaches, making it critical for users to apply recommended patches and updates immediately to protect their infrastructure. For more details, refer to the official Fortinet security advisory.",Fortinet,"Fortimanager,Fortianalyzer",7.7,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T12:22:32.543Z,0
CVE-2024-48889,https://securityvulnerability.io/vulnerability/CVE-2024-48889,OS Command Injection Vulnerability in FortiManager by Fortinet,"The vulnerability presents an OS Command Injection risk, where improper neutralization of special elements allows an authenticated remote attacker to execute unauthorized commands. This affects multiple versions of FortiManager and FortiManager Cloud, posing significant security risks if exploited. Crafting specific FGFM requests could enable attackers to run arbitrary code, potentially compromising the integrity and availability of the affected systems.",Fortinet,Fortimanager,7.2,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-12-18T13:15:00.000Z,0
CVE-2023-44255,https://securityvulnerability.io/vulnerability/CVE-2023-44255,Potential Exposure of Sensitive Information Through Crafted HTTP or HTTPS Requests,"In Fortinet FortiManager prior to version 7.4.2, FortiAnalyzer prior to version 7.4.2, and FortiAnalyzer-BigData prior to version 7.2.5, an exposure of sensitive information allows a privileged attacker with administrative read permissions to potentially access event logs pertaining to another Administrative Domain (ADOM) through specially crafted HTTP or HTTPS requests. This flaw highlights the importance of securing event log access and ensuring that sensitive information remains isolated within configured administrative boundaries.",Fortinet,"Fortimanager,Fortianalyzer",3.9,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T18:53:53.585Z,0
CVE-2024-47575,https://securityvulnerability.io/vulnerability/CVE-2024-47575,Specially crafted requests can execute arbitrary code or commands in FortiManager,"A critical security vulnerability exists in Fortinet's FortiManager products due to missing authentication for a critical function. This flaw enables attackers to send specially crafted requests that may allow arbitrary code execution or command execution on the affected devices. This vulnerability affects multiple versions of FortiManager and FortiManager Cloud, emphasizing the need for immediate attention and remediation to safeguard systems against potential exploitation.",Fortinet,Fortimanager,9.8,CRITICAL,0.8714600205421448,true,true,true,true,true,true,true,2024-10-23T15:15:00.000Z,36364
CVE-2024-33506,https://securityvulnerability.io/vulnerability/CVE-2024-33506,Unauthorized Access to Sensitive Information via Crafted HTTP Requests,"An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests.",Fortinet,Fortimanager,3.1,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-10-08T14:19:03.883Z,0
CVE-2023-44254,https://securityvulnerability.io/vulnerability/CVE-2023-44254,Remote Sensitive Data Read with Low Privileges,"A vulnerability exists in Fortinet's FortiAnalyzer and FortiManager products that allows an attacker to bypass authorization controls due to user-controlled key handling. This weakness permits a remote attacker with minimal privileges to gain access to sensitive information by sending specially crafted HTTP requests. This action exploits the inadequacies in the authorization mechanisms of the affected software versions, raising significant security concerns for organizations using these products in their infrastructure.",Fortinet,"Fortianalyzer,Fortimanager",6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-09-10T14:37:45.294Z,0
CVE-2024-21757,https://securityvulnerability.io/vulnerability/CVE-2024-21757,FortiManager Password Modification Vulnerability,"The vulnerability identifies a significant security issue in Fortinet's FortiManager and FortiAnalyzer products where an unverified password change can occur. Specifically, versions 7.0.0 through 7.0.10, 7.2.0 through 7.2.4, and 7.4.0 through 7.4.1 are susceptible. An attacker can exploit this flaw to modify administrative passwords using the device configuration backup. This vulnerability underscores the necessity for implementing robust security measures and caution during backup operations.",Fortinet,"Fortimanager,Fortianalyzer",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T15:51:57.495Z,0
CVE-2023-47542,https://securityvulnerability.io/vulnerability/CVE-2023-47542,FortiManager Template Engine Vulnerability Allows Unauthorized Code Execution,"An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.",Fortinet,Fortimanager,6.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-09T14:24:24.616Z,0
CVE-2023-41842,https://securityvulnerability.io/vulnerability/CVE-2023-41842,FortiManager Vulnerability Allows Privileged Attacker to Execute Unauthorized Code,"A vulnerability exists in multiple Fortinet products due to a use of externally-controlled format string, exposing the system to potential unauthorized code execution. This flaw allows a privileged attacker to inject specially crafted command arguments that could lead to execution of arbitrary code in the context of the affected application. The vulnerability affects FortiManager versions 7.4.0 to 7.4.1, 7.2.0 to 7.2.3, and versions prior to 7.0.10, as well as FortiAnalyzer in similar version ranges. Additionally, it impacts FortiAnalyzer-BigData versions prior to 7.2.5, and all versions of FortiPortal version 6.0 and 5.3. Users and administrators are urged to update their affected products to the patched versions to mitigate potential risks.",Fortinet,"Fortimanager,Fortianalyzer,Fortiportal",6.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-12T15:09:16.279Z,0
CVE-2023-36554,https://securityvulnerability.io/vulnerability/CVE-2023-36554,Unauthorized Code Execution Vulnerability in FortiManager,"A vulnerability exists within Fortinet FortiManager that enables an attacker to gain unauthorized access to the system. This security issue arises from improper access control mechanisms across several versions, permitting unauthorized code execution through specially crafted HTTP requests. Administrators are advised to urgently assess their systems for this vulnerability to prevent potential exploitation that may compromise the security integrity of their networks.",Fortinet,Fortimanager,7.7,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-03-12T15:09:16.256Z,0
CVE-2023-42791,https://securityvulnerability.io/vulnerability/CVE-2023-42791,Fortinet FortiManager Path Traversal Vulnerability Allows Unauthorized Code Execution,"A relative path traversal vulnerability exists in Fortinet FortiManager affecting various versions, enabling attackers to perform unauthorized code execution through specially crafted HTTP requests. By exploiting this vulnerability, attackers can manipulate the relative paths used by the application, potentially gaining access to sensitive files and executing unintended commands. Organizations using affected versions of FortiManager should take immediate steps to apply patches and improve their security posture. For more information and guidance, refer to Fortinet's official advisory.",Fortinet,"FortiManager,FortiAnalyzer",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-02-20T13:19:20.221Z,0
CVE-2023-44253,https://securityvulnerability.io/vulnerability/CVE-2023-44253,FortiManager Vulnerability Allows Adom Administrator to Enumerate Other Adoms and Device Names,"An exposure of sensitive information vulnerability exists in Fortinet's FortiManager and FortiAnalyzer, where adom administrators can enumerate other administrative domains and device names via specially crafted HTTP or HTTPS requests. This vulnerability affects FortiManager versions 7.4.0 through 7.4.1 and prior versions below 7.2.5, as well as FortiAnalyzer and FortiAnalyzer-BigData in the same version range. Malicious actors could exploit this issue to gain insights into the operational environment and potentially facilitate further attacks.",Fortinet,"Fortimanager,Fortianalyzer",4.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-02-15T13:59:24.262Z,0
CVE-2023-40719,https://securityvulnerability.io/vulnerability/CVE-2023-40719,,"A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.",Fortinet,"Fortianalyzer,Fortimanager",4.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0
CVE-2023-44256,https://securityvulnerability.io/vulnerability/CVE-2023-44256,,"A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.",Fortinet,"Fortianalyzer,Fortimanager",6.4,MEDIUM,0.0019499999471008778,false,false,false,false,,false,false,2023-10-20T10:15:00.000Z,0
CVE-2023-25607,https://securityvulnerability.io/vulnerability/CVE-2023-25607,"OS Command Injection Vulnerability in FortiManager, FortiAnalyzer, and FortiADC","This vulnerability arises from inadequate neutralization of special elements used in OS commands within FortiManager, FortiAnalyzer, and FortiADC management interfaces. It potentially allows an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell through unsafe usage of the wordexp function. This could lead to unauthorized access and manipulation of the underlying system.",Fortinet,"Fortianalyzer,Fortimanager,Fortiadc",7.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-41838,https://securityvulnerability.io/vulnerability/CVE-2023-41838,,An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.,Fortinet,"Fortianalyzer,Fortimanager",6.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-42787,https://securityvulnerability.io/vulnerability/CVE-2023-42787,,A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.,Fortinet,"FortiManager,FortiAnalyzer",6.5,MEDIUM,0.001970000099390745,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-42788,https://securityvulnerability.io/vulnerability/CVE-2023-42788,OS Command Injection Vulnerability in FortiManager and FortiAnalyzer by Fortinet,"An OS command injection vulnerability exists in FortiManager and FortiAnalyzer that may allow a local attacker with limited privileges to execute arbitrary code. This vulnerability arises from improper handling of specially crafted arguments to CLI commands in various versions. Successful exploitation could lead to unauthorized actions on the system, making it essential for users to apply appropriate security measures and software updates as outlined in Fortinet's advisory.",Fortinet,"Fortianalyzer,Fortimanager",7.6,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-44249,https://securityvulnerability.io/vulnerability/CVE-2023-44249,,An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.,Fortinet,"FortiManager,FortiAnalyzer",6.5,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-41679,https://securityvulnerability.io/vulnerability/CVE-2023-41679,Improper Access Control in FortiManager Management Interface,"An improper access control vulnerability exists in the FortiManager management interface that may allow a remote and authenticated attacker, possessing at least 'device management' permissions and belonging to a specific Administrative Domain (ADOM), to modify and delete Command Line Interface (CLI) scripts across different ADOMs. This vulnerability could compromise the system's integrity and security, posing a significant risk to users and organizations utilizing the affected FortiManager versions.",Fortinet,Fortimanager,7.7,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-36638,https://securityvulnerability.io/vulnerability/CVE-2023-36638,,"An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.",Fortinet,"Fortimanager,Fortianalyzer",4.2,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-09-13T13:15:00.000Z,0
CVE-2022-22305,https://securityvulnerability.io/vulnerability/CVE-2022-22305,,"An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.",Fortinet,"Fortianalyzer,Fortisandbox,Fortimanager",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2023-09-01T11:43:03.878Z,0
CVE-2021-43072,https://securityvulnerability.io/vulnerability/CVE-2021-43072,"Buffer Overflow in Fortinet FortiAnalyzer, FortiManager, and FortiOS","A buffer copy without size checks vulnerability exists in Fortinet's FortiAnalyzer, FortiManager, FortiOS, and FortiProxy products. This flaw allows attackers to execute unauthorized commands or code through specially crafted CLI operations such as `execute restore image` and `execute certificate remote`, leveraging the tFTP protocol. Affected versions span various releases, creating significant risks for systems that remain unpatched.",Fortinet,"Fortianalyzer,Fortimanager",6.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T00:01:04.306Z,0
CVE-2023-25606,https://securityvulnerability.io/vulnerability/CVE-2023-25606,,"An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.",Fortinet,"Fortimanager,Fortianalyzer",6.2,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2023-07-11T17:15:00.000Z,0
CVE-2023-25609,https://securityvulnerability.io/vulnerability/CVE-2023-25609,,"A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.",Fortinet,"Fortianalyzer,Fortimanager",4.2,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0