cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24472,https://securityvulnerability.io/vulnerability/CVE-2025-24472,Authentication Bypass Vulnerability in FortiOS and FortiProxy Products,"A vulnerability exists in FortiOS and FortiProxy that allows remote attackers to gain unauthorized super-admin privileges. This vulnerability exploits crafted CSF proxy requests, potentially enabling attackers to bypass authentication protocols. The flaw affects versions 7.0.0 through 7.0.16 of FortiOS and various versions of FortiProxy, making it critical for users to update to secure their systems against unauthorized access.",Fortinet,"FortiOS,Fortiproxy",8.1,HIGH,0.01,false,,true,false,true,2025-02-11T20:25:59.000Z,false,false,false,,2025-02-11T16:50:42.207Z,1241
CVE-2023-40721,https://securityvulnerability.io/vulnerability/CVE-2023-40721,"Externally-Controlled Format String Vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager","A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager allowing privileged attackers to execute arbitrary code or commands. This occurs due to the improper handling of externally-controlled format strings, leaving the affected products susceptible to specially crafted requests that can manipulate program execution.",Fortinet,"FortiOS,Fortiswitchmanager,Fortiproxy,Fortipam",6.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:06.077Z,0
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2024-48884,https://securityvulnerability.io/vulnerability/CVE-2024-48884,Path Traversal Vulnerability in Fortinet FortiManager and Related Products,"A path traversal flaw in Fortinet's FortiManager and associated products allows attackers to exploit improperly limited paths to access restricted directories. This vulnerability could allow an unauthorized escalation of privileges through carefully crafted packets, putting sensitive data and functionalities at risk. Fortinet has outlined the affected versions across several product lines, highlighting the need for immediate attention and remediation.",Fortinet,"Fortimanager,FortiOS,Fortiproxy",9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-54021,https://securityvulnerability.io/vulnerability/CVE-2024-54021,HTTP Response Splitting Vulnerability in Fortinet FortiOS and FortiProxy,"An improper neutralization of CRLF sequences in HTTP headers has been identified in Fortinet FortiOS versions 7.2.0 through 7.6.0 and FortiProxy versions 7.2.0 through 7.4.5. This vulnerability enables attackers to craft malicious HTTP headers, which could lead to unauthorized code execution or command execution on vulnerable systems. Fortinet users are advised to apply security patches to mitigate potential risks associated with this flaw.",Fortinet,"FortiOS,Fortiproxy",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-55591,https://securityvulnerability.io/vulnerability/CVE-2024-55591,Remote Attackers Can Gain Super-Admin Privileges via Crafted Requests to Node.js Websocket Module,"A vulnerability exists in FortiOS and FortiProxy that allows a remote attacker to exploit an authentication bypass through crafted requests targeting the Node.js websocket module. This weakness could enable unauthorized users to attain super-admin privileges, compromising system security. Users of affected versions should take immediate action to mitigate risks by updating to the latest software versions.",Fortinet,"FortiOS,Fortiproxy",9.8,CRITICAL,0.026340000331401825,true,2025-01-14T00:00:00.000Z,true,true,true,2025-01-14T19:57:47.000Z,true,true,true,2025-01-16T04:52:02.516Z,2025-01-14T14:15:00.000Z,23558
CVE-2024-33510,https://securityvulnerability.io/vulnerability/CVE-2024-33510,Injection Vulnerability in FortiOS and FortiProxy Products by Fortinet,"An improper neutralization of special elements in output used by a downstream component vulnerability exists in specific versions of FortiOS and FortiProxy, which allows an unauthenticated remote attacker to craft malicious requests. This could lead to phishing attempts via the SSL-VPN web user interface, potentially compromising sensitive information.",Fortinet,"FortiOS,Fortiproxy",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T19:15:00.000Z,0
CVE-2022-45862,https://securityvulnerability.io/vulnerability/CVE-2022-45862,"Insufficient Session Expiration Vulnerability Affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager","An insufficient session expiration vulnerability exists across multiple Fortinet products, including FortiOS and FortiProxy. This vulnerability allows attackers to potentially reuse web sessions even after a user has logged out of the graphical user interface (GUI). If an attacker manages to obtain the necessary credentials, they may exploit this flaw to gain unauthorized access to the system. Affected versions of the products do not implement adequate measures to securely handle user sessions, raising significant security concerns for users. Organizations using these products are advised to review their configurations and update to the latest versions where possible.",Fortinet,"Fortipam,Fortiproxy,FortiOS,Fortiswitchmanager",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-13T15:51:57.147Z,0
CVE-2024-26015,https://securityvulnerability.io/vulnerability/CVE-2024-26015,IP Address Validation Flaw in Fortinet FortiProxy and FortiOS,"A vulnerability in Fortinet's FortiProxy and FortiOS allows an unauthenticated attacker to exploit improper number parsing in the IP address validation feature. This flaw enables attackers to bypass configured IP blocklists by sending crafted requests, potentially compromising security protocols intended to protect sensitive systems and data. Affected versions must be updated to mitigate this risk.",Fortinet,Fortiproxy,4.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-09T16:15:00.000Z,0
CVE-2024-26010,https://securityvulnerability.io/vulnerability/CVE-2024-26010,Stack-based Buffer Overflow in Fortinet Products,"The stack-based buffer overflow vulnerability reported in various versions of Fortinet products allows attackers to exploit the flaw by sending specially crafted packets. This could potentially lead to execution of unauthorized code or commands within the affected systems, presenting significant security implications for users relying on Fortinet's software solutions. Specific products impacted include FortiPAM, FortiWeb, FortiAuthenticator, FortiSwitchManager, FortiOS, and FortiProxy across multiple versions, thereby necessitating immediate attention and remedial actions by users to safeguard their environments.",Fortinet,"Fortipam,Fortiswitchmanager,FortiOS,Fortiproxy",7.5,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2024-06-11T14:32:03.697Z,0
CVE-2024-21754,https://securityvulnerability.io/vulnerability/CVE-2024-21754,FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups,"A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypt the backup file.",Fortinet,"Fortiproxy,FortiOS",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-11T14:32:01.335Z,0
CVE-2024-23111,https://securityvulnerability.io/vulnerability/CVE-2024-23111,FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups,"An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.",Fortinet,"FortiOS,Fortiproxy",4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-10-28T02:39:00.000Z,true,false,false,,2024-06-11T14:32:00.312Z,0
CVE-2023-36640,https://securityvulnerability.io/vulnerability/CVE-2023-36640,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"The vulnerability exists due to improper handling of externally-controlled format strings in Fortinet's FortiProxy and FortiOS products. Attackers can exploit this vulnerability by sending specially crafted commands, potentially allowing them to execute unauthorized code or commands. Affected versions include FortiProxy versions 7.2.0 to 7.2.4, 7.0.0 to 7.0.10, among others, and FortiOS versions 7.2.0, 7.0.0 to 7.0.12, and older versions. Organizations using these products should evaluate their exposure and apply necessary security measures promptly.",Fortinet,"Fortiproxy,Fortipam,FortiOS",6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-14T16:19:21.747Z,0
CVE-2023-45583,https://securityvulnerability.io/vulnerability/CVE-2023-45583,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"A format string vulnerability exists in certain versions of Fortinet's FortiProxy, FortiOS, and FortiSwitchManager products due to inadequate validation of external input. This weakness allows an attacker to execute arbitrary code or commands by crafting specific command-line interface (CLI) commands and HTTP requests. The vulnerability impacts multiple versions across various Fortinet products, consequently posing a significant risk to affected systems.",Fortinet,"Fortiproxy,Fortipam,Fortiswitchmanager,FortiOS",7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-14T16:19:18.797Z,0
CVE-2023-45586,https://securityvulnerability.io/vulnerability/CVE-2023-45586,Insufficient Data Verification in Fortinet FortiOS and FortiProxy SSL-VPN,"An insufficient verification of data authenticity vulnerability in Fortinet's FortiOS and FortiProxy SSL-VPN tunnel modes permits an authenticated user to spoof the IP address of another user. This occurs through the utilization of crafted network packets, allowing for potentially undetected unauthorized access to systems within the same network scope. Versions affected include FortiOS from 7.4.0 to 7.4.1, 7.2.0 to 7.2.7, and prior to 7.0.12, alongside FortiProxy in similar versions. Organizations should assess and apply available security measures.",Fortinet,"Fortiproxy,FortiOS",4.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-14T16:19:09.998Z,0
CVE-2023-41677,https://securityvulnerability.io/vulnerability/CVE-2023-41677,Unauthorized Code Execution via Targeted Social Engineering Attack,"A vulnerability has been identified in Fortinet's FortiProxy and FortiOS products due to insufficiently protected credentials. This weakness allows an attacker to potentially execute unauthorized code or commands through a targeted social engineering attack. The affected versions span multiple releases of both FortiProxy and FortiOS, necessitating immediate action from users to mitigate potential threats associated with compromised credential protection.",Fortinet,"FortiOS,Fortiproxy",8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-04-09T14:24:21.614Z,0
CVE-2023-42789,https://securityvulnerability.io/vulnerability/CVE-2023-42789,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution via HTTP Requests,"An out-of-bounds write vulnerability exists in Fortinet's FortiOS and FortiProxy, affecting several versions across both products. This flaw allows an attacker to craft specific HTTP requests that can lead to the execution of unauthorized commands or code. As a result, potential impacts include compromising the integrity and availability of the affected systems, making timely updates and patching critical for maintaining security.",Fortinet,"FortiOS,Fortipam,Fortiproxy",9.3,CRITICAL,0.0010499999625608325,false,,false,false,true,2024-03-28T17:59:12.000Z,true,false,false,,2024-03-12T15:09:18.416Z,0
CVE-2024-23112,https://securityvulnerability.io/vulnerability/CVE-2024-23112,Authorization Bypass through User-Controlled Key Vulnerability,"An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.",Fortinet,"Fortios,Fortiproxy",4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-03-12T15:09:17.877Z,0
CVE-2023-42790,https://securityvulnerability.io/vulnerability/CVE-2023-42790,Buffer Overflow Vulnerability in FortiOS Could Allow Execution of Unauthorized Code,"A stack-based buffer overflow vulnerability exists in Fortinet's FortiOS and FortiProxy products, spanning multiple versions. This weakness allows attackers to execute unauthorized commands or code by sending specially crafted HTTP requests to the affected systems. The vulnerability affects various FortiOS versions from 6.2.0 up to 7.4.1 and FortiProxy versions up to 7.4.0. Network security implementations utilizing these products may be at risk, necessitating immediate attention to apply the necessary patches or mitigation strategies.",Fortinet,"FortiOS,Fortiproxy",7.7,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2024-03-12T15:09:17.594Z,0
CVE-2023-29180,https://securityvulnerability.io/vulnerability/CVE-2023-29180,Fortinet FortiOS Vulnerability Allows Denial of Service via Specially Crafted HTTP Requests,"A null pointer dereference vulnerability exists in Fortinet's FortiOS and FortiProxy products that may allow an attacker to trigger a denial of service condition. This vulnerability affects multiple versions of FortiOS (7.2.0 to 7.2.4, 7.0.0 to 7.0.11, 6.4.0 to 6.4.12, 6.2.0 to 6.2.14, and 6.0.0 to 6.0.16) and FortiProxy (7.2.0 to 7.2.3, 7.0.0 to 7.0.10, 2.0.0 to 2.0.12, 1.2.0 to 1.2.13, 1.1.0 to 1.1.6, and 1.0.0 to 1.0.7). The vulnerability is exploited through specially crafted HTTP requests, making it critical for users to ensure that their systems are promptly updated to mitigate potential service interruptions.",Fortinet,"FortiOS,Fortiproxy",7.5,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-02-22T09:40:16.463Z,0
CVE-2023-29179,https://securityvulnerability.io/vulnerability/CVE-2023-29179,Fortinet FortiOS Vulnerability Allows Denial of Service via Specially Crafted HTTP Requests,"A null pointer dereference vulnerability exists in Fortinet's FortiOS and FortiProxy products. This issue affects multiple versions, allowing attackers to exploit this flaw by sending specially crafted HTTP requests. Successful exploitation leads to a denial of service condition, impacting the availability of the affected systems. Organizations using vulnerable versions are advised to apply the latest security updates to mitigate potential risks.",Fortinet,"Fortiproxy,FortiOS",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-02-22T09:40:11.939Z,0
CVE-2023-29181,https://securityvulnerability.io/vulnerability/CVE-2023-29181,Format String Vulnerability in Fortinet FortiOS and FortiProxy,"A vulnerability exists in Fortinet's FortiOS and FortiProxy products, allowing an attacker to exploit externally-controlled format strings. This weakness spans multiple versions of FortiOS from 6.0.0 to 7.2.4 and FortiProxy from 1.0.0 to 7.2.4. Attackers can craft specific commands that may result in unauthorized code execution or command execution. Users of affected versions are encouraged to implement security measures to mitigate potential risks.",Fortinet,"Fortipam,FortiOS,Fortiproxy",8.8,HIGH,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-02-22T09:40:06.212Z,0
CVE-2024-23113,https://securityvulnerability.io/vulnerability/CVE-2024-23113,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution,"A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products, allowing attackers to manipulate externally controlled format strings. This weakness enables the execution of unauthorized code or commands through specially crafted packets. Organizations using affected versions should prioritize remediation measures, as exploitation can lead to significant security breaches and data compromises.",Fortinet,"Fortiswitchmanager,FortiOS,Fortipam,Fortiproxy",9.8,CRITICAL,0.024890000000596046,true,2024-10-09T00:00:00.000Z,true,false,true,2024-10-09T00:00:00.000Z,true,true,true,2024-10-17T01:52:02.750Z,2024-02-15T13:59:25.313Z,20538
CVE-2024-21762,https://securityvulnerability.io/vulnerability/CVE-2024-21762,Fortinet FortiOS Vulnerabilities Allow Unauthorized Code Execution,"An out-of-bounds write vulnerability exists in Fortinet's FortiOS and FortiProxy products across multiple versions, which allows attackers to potentially execute unauthorized code or commands. This type of vulnerability arises when the software fails to properly restrict the writing of data to a memory buffer, leading to possible exploitation through specially crafted requests. The affected versions include several iterations of FortiOS and FortiProxy, enabling a range of security risks for organizations utilizing these solutions.",Fortinet,"FortiProxy,FortiOS",9.8,CRITICAL,0.024890000000596046,true,2024-02-09T00:00:00.000Z,true,true,true,2024-02-09T00:00:00.000Z,true,true,true,2024-02-09T19:52:02.139Z,2024-02-09T08:14:25.954Z,27839
CVE-2023-44250,https://securityvulnerability.io/vulnerability/CVE-2023-44250,Improper Privilege Management in Fortinet FortiOS and FortiProxy,"An improper privilege management vulnerability exists in Fortinet's FortiOS HA and FortiProxy HA clusters, impacting specific versions. This flaw allows authenticated attackers to escalate their privileges and perform unauthorized actions by crafting special HTTP or HTTPS requests. Organizations using the affected versions should prioritize identifying and mitigating this issue to protect their network security.",Fortinet,"FortiOS,FortiProxy",8.8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2024-01-10T17:51:37.440Z,0