cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2022-27488,https://securityvulnerability.io/vulnerability/CVE-2022-27488,CSRF Vulnerability in Fortinet FortiVoice and Related Products,"A cross-site request forgery vulnerability exists within multiple Fortinet products, including FortiVoiceEnterprise, FortiSwitch, and FortiMail. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the command-line interface. The exploit relies on tricking authenticated administrators into sending malicious GET requests, potentially compromising sensitive administrative functions.",Fortinet,"Fortivoice,Fortirecorder,Fortiswitch,Fortindr,Fortimail",7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2023-12-13T07:15:00.000Z,0
CVE-2022-27490,https://securityvulnerability.io/vulnerability/CVE-2022-27490,"Sensitive Information Exposure in Fortinet FortiManager, FortiAnalyzer, and FortiPortal","A vulnerability exists in various Fortinet products, including FortiManager, FortiAnalyzer, FortiPortal, and FortiSwitch, that allows an attacker with restricted administrative access to leverage `diagnose debug` commands. This improper management of sensitive information can lead to unauthorized data exposure, posing significant risks to security and compliance, especially for organizations relying on these Fortinet solutions.",Fortinet,"Fortimanager,Fortianalyzer,Fortiportal,Fortiswitch",5.1,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-03-07T16:04:57.843Z,0
CVE-2021-43074,https://securityvulnerability.io/vulnerability/CVE-2021-43074,Cryptographic Signature Verification Flaw in Fortinet Products,"A cryptographic signature verification flaw exists in multiple Fortinet products, allowing attackers to intercept admin session management cookies. This vulnerability enables potential decryption of sensitive session information, posing a serious security threat to affected environments.",Fortinet,"Fortiswitch,Fortiweb,Fortiproxy,FortiOS",4.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-16T18:05:27.932Z,0
CVE-2021-42755,https://securityvulnerability.io/vulnerability/CVE-2021-42755,Integer Overflow Vulnerability in Fortinet Products,"An integer overflow vulnerability in several Fortinet products, including FortiSwitch, FortiRecorder, FortiOS, FortiProxy, and FortiVoiceEnterprise, may allow an unauthenticated network-adjacent attacker to exploit the dhcpd daemon, potentially resulting in a denial of service. This could enable attackers to crash the service, disrupting network activities.",Fortinet,"Fortinet Fortiswitch, Fortirecorder, Fortivoiceenterprise, FortiOS, Fortiproxy",4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-18T17:15:00.000Z,0
CVE-2021-26111,https://securityvulnerability.io/vulnerability/CVE-2021-26111,Memory Exhaustion Vulnerability in FortiSwitch by Fortinet,"FortiSwitch devices from version 3.6.11 and lower to 6.4.6 are vulnerable to a memory exhaustion issue due to a missing release of memory after the effective lifetime. An attacker located on an adjacent network can exploit this vulnerability by sending specially crafted LLDP, CDP, or EDP packets to the affected device, potentially exhausting the available memory and impacting device performance.",Fortinet,Fortinet Fortiswitch,6.5,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2021-06-01T19:57:24.000Z,0
CVE-2019-17657,https://securityvulnerability.io/vulnerability/CVE-2019-17657,,"An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.",Fortinet,"Fortinet Fortiswitch,Fortianalyzer,Fortimanager,Fortiap-s/w2",7.5,HIGH,0.0022299999836832285,false,,false,false,false,,,false,false,,2020-04-07T17:11:07.000Z,0
CVE-2016-4573,https://securityvulnerability.io/vulnerability/CVE-2016-4573,,"Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.",Fortinet,Fortiswitch,9.8,CRITICAL,0.004720000084489584,false,,false,false,false,,,false,false,,2016-09-09T14:00:00.000Z,0