cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-45862,https://securityvulnerability.io/vulnerability/CVE-2022-45862,"Insufficient Session Expiration Vulnerability Affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager","An insufficient session expiration vulnerability exists across multiple Fortinet products, including FortiOS and FortiProxy. This vulnerability allows attackers to potentially reuse web sessions even after a user has logged out of the graphical user interface (GUI). If an attacker manages to obtain the necessary credentials, they may exploit this flaw to gain unauthorized access to the system. Affected versions of the products do not implement adequate measures to securely handle user sessions, raising significant security concerns for users. Organizations using these products are advised to review their configurations and update to the latest versions where possible.",Fortinet,"Fortipam,Fortiproxy,FortiOS,Fortiswitchmanager",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-08-13T15:51:57.147Z,0
CVE-2024-26015,https://securityvulnerability.io/vulnerability/CVE-2024-26015,,"An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.",Fortinet,Fortiproxy,4.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-07-09T16:15:00.000Z,0
CVE-2024-26010,https://securityvulnerability.io/vulnerability/CVE-2024-26010,Stack-based Buffer Overflow in Fortinet Products,"The stack-based buffer overflow vulnerability reported in various versions of Fortinet products allows attackers to exploit the flaw by sending specially crafted packets. This could potentially lead to execution of unauthorized code or commands within the affected systems, presenting significant security implications for users relying on Fortinet's software solutions. Specific products impacted include FortiPAM, FortiWeb, FortiAuthenticator, FortiSwitchManager, FortiOS, and FortiProxy across multiple versions, thereby necessitating immediate attention and remedial actions by users to safeguard their environments.",Fortinet,"Fortipam,Fortiswitchmanager,FortiOS,Fortiproxy",7.5,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2024-06-11T14:32:03.697Z,0
CVE-2024-21754,https://securityvulnerability.io/vulnerability/CVE-2024-21754,FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups,"A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.",Fortinet,"Fortiproxy,FortiOS",4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T14:32:01.335Z,0
CVE-2024-23111,https://securityvulnerability.io/vulnerability/CVE-2024-23111,FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups,"An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.",Fortinet,"FortiOS,Fortiproxy",4.8,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2024-06-11T14:32:00.312Z,0
CVE-2023-36640,https://securityvulnerability.io/vulnerability/CVE-2023-36640,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"The vulnerability exists due to improper handling of externally-controlled format strings in Fortinet's FortiProxy and FortiOS products. Attackers can exploit this vulnerability by sending specially crafted commands, potentially allowing them to execute unauthorized code or commands. Affected versions include FortiProxy versions 7.2.0 to 7.2.4, 7.0.0 to 7.0.10, among others, and FortiOS versions 7.2.0, 7.0.0 to 7.0.12, and older versions. Organizations using these products should evaluate their exposure and apply necessary security measures promptly.",Fortinet,"Fortiproxy,Fortipam,FortiOS",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T16:19:21.747Z,0
CVE-2023-45583,https://securityvulnerability.io/vulnerability/CVE-2023-45583,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"A format string vulnerability exists in certain versions of Fortinet's FortiProxy, FortiOS, and FortiSwitchManager products due to inadequate validation of external input. This weakness allows an attacker to execute arbitrary code or commands by crafting specific command-line interface (CLI) commands and HTTP requests. The vulnerability impacts multiple versions across various Fortinet products, consequently posing a significant risk to affected systems.",Fortinet,"Fortiproxy,Fortipam,Fortiswitchmanager,FortiOS",7.2,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-14T16:19:18.797Z,0
CVE-2023-45586,https://securityvulnerability.io/vulnerability/CVE-2023-45586,,"An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.",Fortinet,"Fortiproxy,FortiOS",4.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-05-14T16:19:09.998Z,0
CVE-2023-41677,https://securityvulnerability.io/vulnerability/CVE-2023-41677,Unauthorized Code Execution via Targeted Social Engineering Attack,"A vulnerability has been identified in Fortinet's FortiProxy and FortiOS products due to insufficiently protected credentials. This weakness allows an attacker to potentially execute unauthorized code or commands through a targeted social engineering attack. The affected versions span multiple releases of both FortiProxy and FortiOS, necessitating immediate action from users to mitigate potential threats associated with compromised credential protection.",Fortinet,"FortiOS,Fortiproxy",8.8,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-04-09T14:24:21.614Z,0
CVE-2023-42789,https://securityvulnerability.io/vulnerability/CVE-2023-42789,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution via HTTP Requests,"An out-of-bounds write vulnerability exists in Fortinet's FortiOS and FortiProxy, affecting several versions across both products. This flaw allows an attacker to craft specific HTTP requests that can lead to the execution of unauthorized commands or code. As a result, potential impacts include compromising the integrity and availability of the affected systems, making timely updates and patching critical for maintaining security.",Fortinet,"FortiOS,Fortipam,Fortiproxy",9.3,CRITICAL,0.000910000002477318,false,false,false,true,true,false,false,2024-03-12T15:09:18.416Z,0
CVE-2024-23112,https://securityvulnerability.io/vulnerability/CVE-2024-23112,Authorization Bypass through User-Controlled Key Vulnerability,"An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.",Fortinet,"Fortios,Fortiproxy",4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-03-12T15:09:17.877Z,0
CVE-2023-42790,https://securityvulnerability.io/vulnerability/CVE-2023-42790,Buffer Overflow Vulnerability in FortiOS Could Allow Execution of Unauthorized Code,"A stack-based buffer overflow vulnerability exists in Fortinet's FortiOS and FortiProxy products, spanning multiple versions. This weakness allows attackers to execute unauthorized commands or code by sending specially crafted HTTP requests to the affected systems. The vulnerability affects various FortiOS versions from 6.2.0 up to 7.4.1 and FortiProxy versions up to 7.4.0. Network security implementations utilizing these products may be at risk, necessitating immediate attention to apply the necessary patches or mitigation strategies.",Fortinet,"FortiOS,Fortiproxy",7.7,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2024-03-12T15:09:17.594Z,0
CVE-2023-29180,https://securityvulnerability.io/vulnerability/CVE-2023-29180,Fortinet FortiOS Vulnerability Allows Denial of Service via Specially Crafted HTTP Requests,"A null pointer dereference vulnerability exists in Fortinet's FortiOS and FortiProxy products that may allow an attacker to trigger a denial of service condition. This vulnerability affects multiple versions of FortiOS (7.2.0 to 7.2.4, 7.0.0 to 7.0.11, 6.4.0 to 6.4.12, 6.2.0 to 6.2.14, and 6.0.0 to 6.0.16) and FortiProxy (7.2.0 to 7.2.3, 7.0.0 to 7.0.10, 2.0.0 to 2.0.12, 1.2.0 to 1.2.13, 1.1.0 to 1.1.6, and 1.0.0 to 1.0.7). The vulnerability is exploited through specially crafted HTTP requests, making it critical for users to ensure that their systems are promptly updated to mitigate potential service interruptions.",Fortinet,"FortiOS,Fortiproxy",7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-02-22T09:40:16.463Z,0
CVE-2023-29179,https://securityvulnerability.io/vulnerability/CVE-2023-29179,Fortinet FortiOS Vulnerability Allows Denial of Service via Specially Crafted HTTP Requests,"A null pointer dereference vulnerability exists in Fortinet's FortiOS and FortiProxy products. This issue affects multiple versions, allowing attackers to exploit this flaw by sending specially crafted HTTP requests. Successful exploitation leads to a denial of service condition, impacting the availability of the affected systems. Organizations using vulnerable versions are advised to apply the latest security updates to mitigate potential risks.",Fortinet,"Fortiproxy,FortiOS",6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-02-22T09:40:11.939Z,0
CVE-2023-29181,https://securityvulnerability.io/vulnerability/CVE-2023-29181,Format String Vulnerability in Fortinet FortiOS and FortiProxy,"A vulnerability exists in Fortinet's FortiOS and FortiProxy products, allowing an attacker to exploit externally-controlled format strings. This weakness spans multiple versions of FortiOS from 6.0.0 to 7.2.4 and FortiProxy from 1.0.0 to 7.2.4. Attackers can craft specific commands that may result in unauthorized code execution or command execution. Users of affected versions are encouraged to implement security measures to mitigate potential risks.",Fortinet,"Fortipam,FortiOS,Fortiproxy",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-02-22T09:40:06.212Z,0
CVE-2024-23113,https://securityvulnerability.io/vulnerability/CVE-2024-23113,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution,"A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products, allowing attackers to manipulate externally controlled format strings. This weakness enables the execution of unauthorized code or commands through specially crafted packets. Organizations using affected versions should prioritize remediation measures, as exploitation can lead to significant security breaches and data compromises.",Fortinet,"Fortiswitchmanager,FortiOS,Fortipam,Fortiproxy",9.8,CRITICAL,0.021080000326037407,true,true,false,true,true,true,true,2024-02-15T13:59:25.313Z,20538
CVE-2024-21762,https://securityvulnerability.io/vulnerability/CVE-2024-21762,Fortinet FortiOS Vulnerabilities Allow Unauthorized Code Execution,"An out-of-bounds write vulnerability exists in Fortinet's FortiOS and FortiProxy products across multiple versions, which allows attackers to potentially execute unauthorized code or commands. This type of vulnerability arises when the software fails to properly restrict the writing of data to a memory buffer, leading to possible exploitation through specially crafted requests. The affected versions include several iterations of FortiOS and FortiProxy, enabling a range of security risks for organizations utilizing these solutions.",Fortinet,"FortiProxy,FortiOS",9.8,CRITICAL,0.02071000076830387,true,true,true,true,true,true,true,2024-02-09T08:14:25.954Z,27839
CVE-2023-44250,https://securityvulnerability.io/vulnerability/CVE-2023-44250,Improper Privilege Management in Fortinet FortiOS and FortiProxy,"An improper privilege management vulnerability exists in Fortinet's FortiOS HA and FortiProxy HA clusters, impacting specific versions. This flaw allows authenticated attackers to escalate their privileges and perform unauthorized actions by crafting special HTTP or HTTPS requests. Organizations using the affected versions should prioritize identifying and mitigating this issue to protect their network security.",Fortinet,"FortiOS,FortiProxy",8.8,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2024-01-10T17:51:37.440Z,0
CVE-2023-47536,https://securityvulnerability.io/vulnerability/CVE-2023-47536,,"An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.",Fortinet,"FortiOS,FortiProxy",2.8,LOW,0.001069999998435378,false,false,false,false,,false,false,2023-12-13T08:15:00.000Z,0
CVE-2023-36639,https://securityvulnerability.io/vulnerability/CVE-2023-36639,Use of Externally-Controlled Format String in Fortinet FortiProxy and FortiOS,"A vulnerability exists in Fortinet's FortiProxy and FortiOS due to improper handling of externally-controlled format strings. This flaw affects multiple versions and could enable an attacker to send specifically crafted API requests, leading to unauthorized execution of code or commands. Users of the affected Fortinet products should take immediate steps to mitigate this vulnerability to secure their systems.",Fortinet,"FortiOS,FortiPAM,FortiProxy",7,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0
CVE-2023-28002,https://securityvulnerability.io/vulnerability/CVE-2023-28002,,"An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place.",Fortinet,"FortiOS,Fortiproxy",6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-11-14T18:15:00.000Z,0
CVE-2023-36641,https://securityvulnerability.io/vulnerability/CVE-2023-36641,,"A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests.",Fortinet,"Fortiproxy,FortiOS",6.2,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2023-11-14T18:15:00.000Z,0
CVE-2023-41675,https://securityvulnerability.io/vulnerability/CVE-2023-41675,,"A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.",Fortinet,"FortiOS,Fortiproxy",4.8,MEDIUM,0.0012199999764561653,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2023-29183,https://securityvulnerability.io/vulnerability/CVE-2023-29183,Cross-site Scripting Vulnerability in FortiProxy and FortiOS Products,"An improper neutralization of input during the web page generation process in FortiProxy and FortiOS could allow an authenticated attacker to execute arbitrary JavaScript code. This issue is triggered through manipulated settings in guest management, highlighting the importance of robust input validation to prevent such exploits.",Fortinet,"Fortiproxy,FortiOS",7.3,HIGH,0.0006200000061653554,false,false,false,false,,false,false,2023-09-13T13:15:00.000Z,0
CVE-2023-33308,https://securityvulnerability.io/vulnerability/CVE-2023-33308,Stack-based Overflow Vulnerability in Fortinet FortiOS and FortiProxy,"A stack-based overflow vulnerability exists in Fortinet's FortiOS and FortiProxy products, specifically in versions 7.0.0 to 7.0.10 and 7.2.0 to 7.2.3 for FortiOS, as well as FortiProxy versions 7.0.0 to 7.0.9 and 7.2.0 to 7.2.2. This flaw allows an unauthenticated attacker to execute arbitrary code by sending specially crafted packets that exploit predefined proxy policies or firewall policies configured in proxy mode, thereby bypassing security measures through deep or full packet inspection. Consequently, systems utilizing these affected versions are at heightened risk of exploitation and compromise.",Fortinet,"Fortiproxy,FortiOS",9.8,CRITICAL,0.003370000049471855,false,true,false,false,,false,false,2023-07-26T15:15:00.000Z,0