cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2024-48885,https://securityvulnerability.io/vulnerability/CVE-2024-48885,"Path Traversal Vulnerability in Fortinet FortiRecorder, FortiWeb, and FortiVoice","A path traversal vulnerability has been identified in Fortinet's FortiRecorder, FortiWeb, and FortiVoice products, allowing attackers to exploit improper limitations on file paths. This flaw affects multiple versions of these products, enabling unauthorized privilege escalation through the use of specially crafted packets. Users of the affected versions are encouraged to apply updates and follow security best practices to mitigate potential risks.",Fortinet,"Fortirecorder,Fortiweb,Fortivoice",9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-01-16T09:01:52.958Z,0
CVE-2022-27488,https://securityvulnerability.io/vulnerability/CVE-2022-27488,CSRF Vulnerability in Fortinet FortiVoice and Related Products,"A cross-site request forgery vulnerability exists within multiple Fortinet products, including FortiVoiceEnterprise, FortiSwitch, and FortiMail. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the command-line interface. The exploit relies on tricking authenticated administrators into sending malicious GET requests, potentially compromising sensitive administrative functions.",Fortinet,"Fortivoice,Fortirecorder,Fortiswitch,Fortindr,Fortimail",7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2023-12-13T07:15:00.000Z,0
CVE-2022-22297,https://securityvulnerability.io/vulnerability/CVE-2022-22297,Command Line Interpreter Vulnerability in FortiWeb and FortiRecorder Products,"The vulnerability in the command line interpreter of FortiWeb and FortiRecorder arises from an incomplete filtering of special elements, allowing authenticated users to craft command arguments that may lead to unauthorized access to arbitrary files. This flaw affects multiple versions of both products, making it essential for users to apply appropriate patches to mitigate potential risks associated with unauthorized file reading.",Fortinet,"Fortirecorder,Fortiweb",5.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-03-07T16:04:48.484Z,0
CVE-2022-41333,https://securityvulnerability.io/vulnerability/CVE-2022-41333,Uncontrolled Resource Consumption in FortiRecorder by Fortinet,"The vulnerability in FortiRecorder versions 6.4.3 and 6.0.11 and earlier relates to an uncontrolled resource consumption issue within its login authentication mechanism. An unauthenticated attacker could exploit this flaw by sending specially crafted GET requests, potentially leading to a denial of service where the device becomes unavailable. This poses a significant risk to systems using these affected versions.",Fortinet,Fortirecorder,6.8,MEDIUM,0.001069999998435378,false,,false,false,true,2023-03-10T17:29:09.000Z,true,false,false,,2023-03-07T16:04:43.368Z,0
CVE-2021-42755,https://securityvulnerability.io/vulnerability/CVE-2021-42755,Integer Overflow Vulnerability in Fortinet Products,"An integer overflow vulnerability in several Fortinet products, including FortiSwitch, FortiRecorder, FortiOS, FortiProxy, and FortiVoiceEnterprise, may allow an unauthenticated network-adjacent attacker to exploit the dhcpd daemon, potentially resulting in a denial of service. This could enable attackers to crash the service, disrupting network activities.",Fortinet,"Fortinet Fortiswitch, Fortirecorder, Fortivoiceenterprise, FortiOS, Fortiproxy",4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-18T17:15:00.000Z,0
CVE-2019-6698,https://securityvulnerability.io/vulnerability/CVE-2019-6698,,"Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.",Fortinet,Fortinet Fortirecorder,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2019-08-23T19:58:39.000Z,0