cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-12820,https://securityvulnerability.io/vulnerability/CVE-2020-12820,Buffer Overflow Vulnerability in FortiOS Products,"CVE-2020-12820 is a high-severity stack-based buffer overflow vulnerability in FortiOS versions 6.0.10 and earlier, as well as 5.6.12 and earlier. When non-default configurations are applied, an authenticated remote attacker exploiting this vulnerability through the SSL VPN can cause the FortiClient NAC daemon (fcnacd) to crash or, potentially, execute arbitrary code by sending a request with an excessively large FortiClient file name. Although there is currently no known proof of concept that successfully demonstrates remote code execution, the risk posed by this flaw warrants immediate attention and remediation measures.",Fortinet,FortiOS,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T10:57:31.517Z,0
CVE-2020-12819,https://securityvulnerability.io/vulnerability/CVE-2020-12819,Heap-Based Buffer Overflow Vulnerability in Fortinet's FortiGate SSL VPN,"CVE-2020-12819 is a high-risk heap-based buffer overflow vulnerability affecting FortiGate security appliances. This flaw is found in the processing of Link Control Protocol (LCP) messages, specifically in versions 5.6.12, 6.0.10, 6.2.4, and 6.4.1, as well as earlier releases. A malicious actor, possessing valid SSL VPN credentials, could exploit this vulnerability by sending a specially crafted large LCP packet while tunnel mode is enabled. The exploitation could lead to the crashing of the SSL VPN daemon, severely impacting the availability of the service. Although arbitrary code execution may be theoretically feasible, the practical risk under typical circumstances is considered low due to the complexity involved in executing such an attack. Users are urged to update their FortiGate software to mitigate this security issue.",Fortinet,FortiOS,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T07:40:58.144Z,0
CVE-2024-26011,https://securityvulnerability.io/vulnerability/CVE-2024-26011,Missing Authentication in Fortinet FortiManager and Other Products,"A critical vulnerability affecting several Fortinet products arises from missing authentication mechanisms for vital functions across multiple versions of FortiManager, FortiPAM, FortiProxy, FortiSwitchManager, FortiPortal, and FortiOS. This flaw enables attackers to execute unauthorized commands or code through the transmission of specially crafted packets, posing a serious threat to the integrity and security of systems utilizing these Fortinet products. Immediate action is recommended for organizations relying on any of the impacted versions to mitigate potential exploitation.",Fortinet,FortiOS,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-11-12T19:15:00.000Z,0
CVE-2023-50176,https://securityvulnerability.io/vulnerability/CVE-2023-50176,Session Fixation Vulnerability in Fortinet FortiOS Could Lead to Unauthorized Code Execution,"A session fixation vulnerability in Fortinet FortiOS versions from 7.4.0 to 7.4.3, 7.2.0 to 7.2.7, and 7.0.0 to 7.0.13 enables attackers to execute unauthorized code or commands. By exploiting a phishing SAML authentication link, an attacker could manipulate the session of a legitimate user, allowing malicious actions without their consent. Organizations using the affected FortiOS versions should take immediate action to mitigate the risks associated with this vulnerability to protect against potential breaches.",Fortinet,FortiOS,8.8,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-11-12T18:53:44.324Z,0
CVE-2022-45862,https://securityvulnerability.io/vulnerability/CVE-2022-45862,"Insufficient Session Expiration Vulnerability Affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager","An insufficient session expiration vulnerability exists across multiple Fortinet products, including FortiOS and FortiProxy. This vulnerability allows attackers to potentially reuse web sessions even after a user has logged out of the graphical user interface (GUI). If an attacker manages to obtain the necessary credentials, they may exploit this flaw to gain unauthorized access to the system. Affected versions of the products do not implement adequate measures to securely handle user sessions, raising significant security concerns for users. Organizations using these products are advised to review their configurations and update to the latest versions where possible.",Fortinet,"Fortipam,Fortiproxy,FortiOS,Fortiswitchmanager",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-08-13T15:51:57.147Z,0
CVE-2024-36505,https://securityvulnerability.io/vulnerability/CVE-2024-36505,Improper Access Control Vulnerability May Allow Bypass of File Integrity Checking System,"An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.",Fortinet,FortiOS,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T15:51:56.981Z,0
CVE-2024-26010,https://securityvulnerability.io/vulnerability/CVE-2024-26010,Stack-based Buffer Overflow in Fortinet Products,"The stack-based buffer overflow vulnerability reported in various versions of Fortinet products allows attackers to exploit the flaw by sending specially crafted packets. This could potentially lead to execution of unauthorized code or commands within the affected systems, presenting significant security implications for users relying on Fortinet's software solutions. Specific products impacted include FortiPAM, FortiWeb, FortiAuthenticator, FortiSwitchManager, FortiOS, and FortiProxy across multiple versions, thereby necessitating immediate attention and remedial actions by users to safeguard their environments.",Fortinet,"Fortipam,Fortiswitchmanager,FortiOS,Fortiproxy",7.5,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2024-06-11T14:32:03.697Z,0
CVE-2024-21754,https://securityvulnerability.io/vulnerability/CVE-2024-21754,FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups,"A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.",Fortinet,"Fortiproxy,FortiOS",4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T14:32:01.335Z,0
CVE-2023-46720,https://securityvulnerability.io/vulnerability/CVE-2023-46720,Buffer Overflow Vulnerability in FortiOS Could Allow Execution of Unauthorized Code or Commands,"A stack-based buffer overflow has been identified in Fortinet's FortiOS, affecting various versions. This vulnerability can be exploited by an attacker through specially crafted command-line interface (CLI) commands, leading to the potential execution of unauthorized code or commands within the compromised system. Fortinet has reported affected versions ranging from 6.0.13 to 7.4.1, making it crucial for users to update to secure configurations to prevent exploitation.",Fortinet,FortiOS,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T14:32:00.582Z,0
CVE-2024-23111,https://securityvulnerability.io/vulnerability/CVE-2024-23111,FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups,"An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.",Fortinet,"FortiOS,Fortiproxy",4.8,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2024-06-11T14:32:00.312Z,0
CVE-2024-23110,https://securityvulnerability.io/vulnerability/CVE-2024-23110,Buffer Overflow Vulnerability in FortiOS Could Lead to Unauthorized Code Execution,"A vulnerability in Fortinet's FortiOS could allow an attacker to exploit a stack-based buffer overflow by sending specially crafted commands to the system. This flaw affects multiple versions of FortiOS and can lead to unauthorized code execution, potentially compromising the integrity and confidentiality of the affected systems. Security measures are essential to mitigate the risks associated with this vulnerability.",Fortinet,FortiOS,7.8,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-06-11T14:31:59.230Z,0
CVE-2023-36640,https://securityvulnerability.io/vulnerability/CVE-2023-36640,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"The vulnerability exists due to improper handling of externally-controlled format strings in Fortinet's FortiProxy and FortiOS products. Attackers can exploit this vulnerability by sending specially crafted commands, potentially allowing them to execute unauthorized code or commands. Affected versions include FortiProxy versions 7.2.0 to 7.2.4, 7.0.0 to 7.0.10, among others, and FortiOS versions 7.2.0, 7.0.0 to 7.0.12, and older versions. Organizations using these products should evaluate their exposure and apply necessary security measures promptly.",Fortinet,"Fortiproxy,Fortipam,FortiOS",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T16:19:21.747Z,0
CVE-2023-45583,https://securityvulnerability.io/vulnerability/CVE-2023-45583,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"A format string vulnerability exists in certain versions of Fortinet's FortiProxy, FortiOS, and FortiSwitchManager products due to inadequate validation of external input. This weakness allows an attacker to execute arbitrary code or commands by crafting specific command-line interface (CLI) commands and HTTP requests. The vulnerability impacts multiple versions across various Fortinet products, consequently posing a significant risk to affected systems.",Fortinet,"Fortiproxy,Fortipam,Fortiswitchmanager,FortiOS",7.2,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-14T16:19:18.797Z,0
CVE-2023-46714,https://securityvulnerability.io/vulnerability/CVE-2023-46714,Stack-Based Buffer Overflow Vulnerability in Fortinet FortiOS,"A stack-based buffer overflow vulnerability exists in Fortinet FortiOS, affecting versions 7.2.1 through 7.2.6 and versions 7.4.0 through 7.4.1. This flaw allows a privileged attacker to exploit the administrative interface, potentially leading to the execution of arbitrary code or commands by sending specially crafted HTTP or HTTPS requests. Organizations utilizing the affected FortiOS versions are urged to review their security configurations and apply necessary patches to mitigate this vulnerability.",Fortinet,FortiOS,7.2,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2024-05-14T16:19:13.614Z,0
CVE-2023-44247,https://securityvulnerability.io/vulnerability/CVE-2023-44247,Double Free Vulnerability in Fortinet FortiOS,"A double free vulnerability exists in Fortinet FortiOS that can be exploited by a privileged attacker. This vulnerability allows for the execution of arbitrary code or commands through carefully crafted HTTP or HTTPS requests. Organizations using affected versions of FortiOS, specifically those prior to 7.0.0, should prioritize updates and mitigate risk through proper security measures to safeguard their systems against potential exploitation.",Fortinet,FortiOS,7.2,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-14T16:19:13.178Z,0
CVE-2023-45586,https://securityvulnerability.io/vulnerability/CVE-2023-45586,,"An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.",Fortinet,"Fortiproxy,FortiOS",4.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-05-14T16:19:09.998Z,0
CVE-2024-26007,https://securityvulnerability.io/vulnerability/CVE-2024-26007,Improper Handling of Exceptional Conditions Vulnerability in Fortinet FortiOS,"The vulnerability in Fortinet FortiOS version 7.4.1 is characterized by an improper check or handling of exceptional conditions, which could allow an unauthenticated attacker to execute crafted HTTP requests. This situation can lead to a denial of service on the administrative interface, potentially disrupting management operations and affecting the availability of the system. Users of the affected version should review the associated security advisory and implement necessary mitigations promptly.",Fortinet,FortiOS,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-05-14T16:19:08.407Z,0
CVE-2023-48784,https://securityvulnerability.io/vulnerability/CVE-2023-48784,Arbitrary Code Execution Vulnerability in FortiOS Command Line Interface,"A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.",Fortinet,FortiOS,6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-09T14:24:24.971Z,0
CVE-2023-41677,https://securityvulnerability.io/vulnerability/CVE-2023-41677,Unauthorized Code Execution via Targeted Social Engineering Attack,"A vulnerability has been identified in Fortinet's FortiProxy and FortiOS products due to insufficiently protected credentials. This weakness allows an attacker to potentially execute unauthorized code or commands through a targeted social engineering attack. The affected versions span multiple releases of both FortiProxy and FortiOS, necessitating immediate action from users to mitigate potential threats associated with compromised credential protection.",Fortinet,"FortiOS,Fortiproxy",8.8,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-04-09T14:24:21.614Z,0
CVE-2024-23662,https://securityvulnerability.io/vulnerability/CVE-2024-23662,Fortinet FortiOS Information Disclosure Vulnerability,"The vulnerability in Fortinet FortiOS can potentially expose sensitive information to unauthorized actors. This is achievable through HTTP requests sent to the affected versions of FortiOS, which range from 6.4.0 through 7.4.1. An attacker can exploit this flaw to gain unauthorized access to data, which may lead to further security breaches within affected systems. Organizations using these versions should prioritize immediate updates and patches to mitigate potential risks and protect sensitive information.",Fortinet,FortiOS,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-04-09T14:24:18.538Z,0
CVE-2023-46717,https://securityvulnerability.io/vulnerability/CVE-2023-46717,Improper Authentication Vulnerability in FortiOS Could Allow Read-Write Access via Successive Login Attempts,"An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.",Fortinet,FortiOS,6.7,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-03-12T15:09:19.790Z,0
CVE-2023-42789,https://securityvulnerability.io/vulnerability/CVE-2023-42789,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution via HTTP Requests,"An out-of-bounds write vulnerability exists in Fortinet's FortiOS and FortiProxy, affecting several versions across both products. This flaw allows an attacker to craft specific HTTP requests that can lead to the execution of unauthorized commands or code. As a result, potential impacts include compromising the integrity and availability of the affected systems, making timely updates and patching critical for maintaining security.",Fortinet,"FortiOS,Fortipam,Fortiproxy",9.3,CRITICAL,0.000910000002477318,false,false,false,true,true,false,false,2024-03-12T15:09:18.416Z,0
CVE-2024-23112,https://securityvulnerability.io/vulnerability/CVE-2024-23112,Authorization Bypass through User-Controlled Key Vulnerability,"An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.",Fortinet,"Fortios,Fortiproxy",4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-03-12T15:09:17.877Z,0
CVE-2023-42790,https://securityvulnerability.io/vulnerability/CVE-2023-42790,Buffer Overflow Vulnerability in FortiOS Could Allow Execution of Unauthorized Code,"A stack-based buffer overflow vulnerability exists in Fortinet's FortiOS and FortiProxy products, spanning multiple versions. This weakness allows attackers to execute unauthorized commands or code by sending specially crafted HTTP requests to the affected systems. The vulnerability affects various FortiOS versions from 6.2.0 up to 7.4.1 and FortiProxy versions up to 7.4.0. Network security implementations utilizing these products may be at risk, necessitating immediate attention to apply the necessary patches or mitigation strategies.",Fortinet,"FortiOS,Fortiproxy",7.7,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2024-03-12T15:09:17.594Z,0
CVE-2023-29180,https://securityvulnerability.io/vulnerability/CVE-2023-29180,Fortinet FortiOS Vulnerability Allows Denial of Service via Specially Crafted HTTP Requests,"A null pointer dereference vulnerability exists in Fortinet's FortiOS and FortiProxy products that may allow an attacker to trigger a denial of service condition. This vulnerability affects multiple versions of FortiOS (7.2.0 to 7.2.4, 7.0.0 to 7.0.11, 6.4.0 to 6.4.12, 6.2.0 to 6.2.14, and 6.0.0 to 6.0.16) and FortiProxy (7.2.0 to 7.2.3, 7.0.0 to 7.0.10, 2.0.0 to 2.0.12, 1.2.0 to 1.2.13, 1.1.0 to 1.1.6, and 1.0.0 to 1.0.7). The vulnerability is exploited through specially crafted HTTP requests, making it critical for users to ensure that their systems are promptly updated to mitigate potential service interruptions.",Fortinet,"FortiOS,Fortiproxy",7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-02-22T09:40:16.463Z,0