cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-45862,https://securityvulnerability.io/vulnerability/CVE-2022-45862,"Insufficient Session Expiration Vulnerability Affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager","An insufficient session expiration vulnerability in FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager allows an attacker to reuse a web session after the user has logged out of the graphical user interface (GUI). An attacker who has obtained the required credentials can use a session that should have been invalidated to gain unauthorized access to the device. Affected versions do not invalidate user sessions correctly on logout. Organizations using these products should review their configurations and update to the latest versions where possible.",Fortinet,"Fortipam,Fortiproxy,FortiOS,Fortiswitchmanager",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-08-13T15:51:57.147Z,0
CVE-2024-26010,https://securityvulnerability.io/vulnerability/CVE-2024-26010,Stack-based Buffer Overflow in Fortinet Products,"A stack-based buffer overflow in several Fortinet products allows an attacker to execute unauthorized code or commands by sending specially crafted packets. Affected products include FortiPAM, FortiWeb, FortiAuthenticator, FortiSwitchManager, FortiOS, and FortiProxy across multiple versions; users should apply the vendor fixes promptly.",Fortinet,"Fortipam,Fortiswitchmanager,FortiOS,Fortiproxy",7.5,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2024-06-11T14:32:03.697Z,0
CVE-2023-36640,https://securityvulnerability.io/vulnerability/CVE-2023-36640,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"A use of externally-controlled format string vulnerability in Fortinet FortiProxy and FortiOS allows an attacker to execute unauthorized code or commands via specially crafted commands. Affected versions include FortiProxy 7.2.0 through 7.2.4 and 7.0.0 through 7.0.10 (among older branches) and FortiOS 7.2.0 and 7.0.0 through 7.0.12 (among older branches). Organizations using these products should evaluate their exposure and apply the vendor fixes promptly.",Fortinet,"Fortiproxy,Fortipam,FortiOS",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T16:19:21.747Z,0
CVE-2023-45583,https://securityvulnerability.io/vulnerability/CVE-2023-45583,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"A format string vulnerability in certain versions of Fortinet FortiProxy, FortiOS, FortiPAM, and FortiSwitchManager, caused by inadequate validation of external input, allows an attacker to execute arbitrary code or commands via crafted command-line interface (CLI) commands and HTTP requests. Multiple versions across these products are affected, posing a significant risk to exposed systems.",Fortinet,"Fortiproxy,Fortipam,Fortiswitchmanager,FortiOS",7.2,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-14T16:19:18.797Z,0
CVE-2023-42789,https://securityvulnerability.io/vulnerability/CVE-2023-42789,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution via HTTP Requests,"An out-of-bounds write vulnerability in Fortinet FortiOS and FortiProxy, affecting several versions of both products, allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. Successful exploitation can fully compromise the affected device, so timely patching is critical.",Fortinet,"FortiOS,Fortipam,Fortiproxy",9.3,CRITICAL,0.000910000002477318,false,false,false,true,true,false,false,2024-03-12T15:09:18.416Z,0
CVE-2023-29181,https://securityvulnerability.io/vulnerability/CVE-2023-29181,Format String Vulnerability in Fortinet FortiOS and FortiProxy,"A use of externally-controlled format string vulnerability in Fortinet FortiOS and FortiProxy allows an attacker to execute unauthorized code or commands via specially crafted commands. Affected releases span multiple branches of FortiOS from 6.0 through 7.2.4 and FortiProxy from 1.0 through 7.2.4. Users of affected versions should upgrade and apply mitigations to reduce exposure.",Fortinet,"Fortipam,FortiOS,Fortiproxy",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-02-22T09:40:06.212Z,0
CVE-2024-23113,https://securityvulnerability.io/vulnerability/CVE-2024-23113,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution,"A use of externally-controlled format string vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager allows an unauthenticated attacker to execute unauthorized code or commands via specially crafted packets. Exploitation in the wild has been observed and the CVE is listed in the CISA Known Exploited Vulnerabilities catalog, so organizations running affected versions should treat remediation as an emergency.",Fortinet,"Fortiswitchmanager,FortiOS,Fortipam,Fortiproxy",9.8,CRITICAL,0.021080000326037407,true,true,false,true,true,true,true,2024-02-15T13:59:25.313Z,20538
CVE-2023-37934,https://securityvulnerability.io/vulnerability/CVE-2023-37934,Denial of Service Vulnerability in FortiPAM,"Affected versions of FortiPAM contain an allocation of resources without limits vulnerability that allows an authenticated user to cause a denial of service by sending specially crafted HTTP or HTTPS requests at a high frequency, exhausting the system's resources. The resulting unavailability of privileged access management functions can disrupt operations for organizations relying on FortiPAM. Mitigation should prioritize upgrading to a fixed release and monitoring traffic for high-rate request patterns that indicate exploitation attempts.",Fortinet,FortiPAM,6.5,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-01-10T17:51:36.939Z,0
CVE-2023-41678,https://securityvulnerability.io/vulnerability/CVE-2023-41678,Double Free Vulnerability in Fortinet FortiOS and FortiPAM,"A double free vulnerability in Fortinet FortiOS and FortiPAM allows an attacker to execute unauthorized code or commands via a specially crafted request. Affected versions are FortiOS 7.0.0 through 7.0.5 and FortiPAM 1.0.0 through 1.0.3 and 1.1.0 through 1.1.1.",Fortinet,"FortiOS,FortiPAM",8.3,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0
CVE-2023-36639,https://securityvulnerability.io/vulnerability/CVE-2023-36639,Use of Externally-Controlled Format String in Fortinet FortiProxy and FortiOS,"A use of externally-controlled format string vulnerability in Fortinet FortiProxy and FortiOS, affecting multiple versions, allows an attacker to execute unauthorized code or commands via specially crafted API requests. Users of the affected products should apply the vendor fixes promptly.",Fortinet,"FortiOS,FortiPAM,FortiProxy",7,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0
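The export above is only useful if it can be read reliably and turned into a patch order. The following is an added example, not code from securityvulnerability.io or from this page: it parses the export with Python's csv module (which correctly handles quoted description fields that contain commas and embedded line breaks, as several records here do), treats the empty poc field as unknown rather than true, and ranks records by CISA KEV listing, observed exploitation, public PoC, ransomware use, EPSS and finally CVSS. The sample input is constructed from four of the records on this page with the descriptions shortened; the triage ordering and the 1% EPSS threshold are assumptions of this example, not part of the export.

```python
"""Triage helper for a securityvulnerability.io CSV export.

Added example; not code from the page or from securityvulnerability.io.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Constructed sample: four records from this page with shortened descriptions.
# The second field of the first record deliberately contains an embedded newline
# inside the quotes, as the real export does.
SAMPLE_EXPORT = """cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-23113,https://securityvulnerability.io/vulnerability/CVE-2024-23113,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution,"Format string vulnerability.
Description continues on a second line inside the quoted field.",Fortinet,"Fortiswitchmanager,FortiOS,Fortipam,Fortiproxy",9.8,CRITICAL,0.021080000326037407,true,true,false,true,true,true,true,2024-02-15T13:59:25.313Z,20538
CVE-2023-42789,https://securityvulnerability.io/vulnerability/CVE-2023-42789,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution via HTTP Requests,Out-of-bounds write.,Fortinet,"FortiOS,Fortipam,Fortiproxy",9.3,CRITICAL,0.000910000002477318,false,false,false,true,true,false,false,2024-03-12T15:09:18.416Z,0
CVE-2022-45862,https://securityvulnerability.io/vulnerability/CVE-2022-45862,"Insufficient Session Expiration Vulnerability Affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager",Session reuse after GUI logout.,Fortinet,"Fortipam,Fortiproxy,FortiOS,Fortiswitchmanager",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-08-13T15:51:57.147Z,0
CVE-2023-37934,https://securityvulnerability.io/vulnerability/CVE-2023-37934,Denial of Service Vulnerability in FortiPAM,Authenticated DoS via high-frequency HTTP/HTTPS requests.,Fortinet,FortiPAM,6.5,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-01-10T17:51:36.939Z,0
"""


@dataclass(frozen=True)
class Vuln:
    cve: str
    score: float      # CVSS base score from the "score" column
    severity: str
    epss: float       # EPSS probability (0..1) from the "epss" column
    cisa: bool        # listed in the CISA Known Exploited Vulnerabilities catalog
    exploited: bool   # exploitation observed
    poc: bool         # public proof of concept
    ransomware: bool  # used by ransomware operators


def parse_bool(value: str | None) -> bool:
    """Map the export's true/false strings to bool.

    The export leaves some flags empty (e.g. poc for CVE-2022-45862). An empty
    field is unknown, and unknown must not promote a record, so it maps to False.
    """
    return (value or "").strip().lower() == "true"


def parse_export(text: str) -> list[Vuln]:
    """Parse the CSV text; csv.DictReader handles quoted commas and newlines."""
    reader = csv.DictReader(io.StringIO(text))
    return [
        Vuln(
            cve=row["cve"].strip(),
            score=float(row["score"]),
            severity=row["severity"].strip(),
            epss=float(row["epss"]),
            cisa=parse_bool(row["cisa"]),
            exploited=parse_bool(row["exploited"]),
            poc=parse_bool(row["poc"]),
            ransomware=parse_bool(row["ransomware"]),
        )
        for row in reader
    ]


def triage_key(v: Vuln) -> tuple:
    """Sort key, highest priority first when sorted in reverse.

    Evidence of real-world exploitation outranks predicted likelihood (EPSS),
    which in turn outranks the static CVSS score. Assumed ordering for this example.
    """
    return (v.cisa, v.exploited, v.poc, v.ransomware, v.epss, v.score)


def triage(vulns: list[Vuln]) -> list[Vuln]:
    return sorted(vulns, key=triage_key, reverse=True)


def patch_now(vulns: list[Vuln], epss_threshold: float = 0.01) -> list[str]:
    """CVE IDs needing emergency patching: KEV-listed, known exploited, or EPSS above threshold."""
    return [v.cve for v in vulns if v.cisa or v.exploited or v.epss >= epss_threshold]


if __name__ == "__main__":
    records = parse_export(SAMPLE_EXPORT)
    for v in triage(records):
        print(f"{v.cve:16} cvss={v.score:<4} epss={v.epss:.5f} kev={v.cisa} exploited={v.exploited}")
    print("patch now:", patch_now(records))
```

On the sample, CVE-2024-23113 comes first because it is KEV-listed, CVE-2023-42789 second because exploitation was observed even though it is not in KEV, and CVE-2023-37934 sorts ahead of CVE-2022-45862 despite its lower CVSS because its EPSS is slightly higher; that last case is the point of keying on exploitation evidence before the static score. Do not split the file on newlines before handing it to a CSV parser: the multi-line description fields would shear records in half.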