cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-27488,https://securityvulnerability.io/vulnerability/CVE-2022-27488,CSRF Vulnerability in Fortinet FortiVoice and Related Products,"A cross-site request forgery vulnerability exists within multiple Fortinet products, including FortiVoiceEnterprise, FortiSwitch, and FortiMail. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the command-line interface. The exploit relies on tricking authenticated administrators into sending malicious GET requests, potentially compromising sensitive administrative functions.",Fortinet,"Fortivoice,Fortirecorder,Fortiswitch,Fortindr,Fortimail",7.5,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0
CVE-2022-27490,https://securityvulnerability.io/vulnerability/CVE-2022-27490,,"A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.",Fortinet,"Fortimanager,Fortianalyzer,Fortiportal,Fortiswitch",5.1,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-03-07T16:04:57.843Z,0
CVE-2021-43074,https://securityvulnerability.io/vulnerability/CVE-2021-43074,,"An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.",Fortinet,"Fortiswitch,Fortiweb,Fortiproxy,FortiOS",4.1,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-02-16T18:05:27.932Z,0
CVE-2021-42755,https://securityvulnerability.io/vulnerability/CVE-2021-42755,,"An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.",Fortinet,"Fortinet Fortiswitch, Fortirecorder, Fortivoiceenterprise, FortiOS, Fortiproxy",4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-18T17:15:00.000Z,0
CVE-2021-26111,https://securityvulnerability.io/vulnerability/CVE-2021-26111,,"A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.",Fortinet,Fortinet Fortiswitch,6.5,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2021-06-01T19:57:24.000Z,0
CVE-2019-17657,https://securityvulnerability.io/vulnerability/CVE-2019-17657,,"An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.",Fortinet,"Fortinet Fortiswitch,Fortianalyzer,Fortimanager,Fortiap-s/w2",7.5,HIGH,0.0022299999836832285,false,false,false,false,,false,false,2020-04-07T17:11:07.000Z,0
CVE-2016-4573,https://securityvulnerability.io/vulnerability/CVE-2016-4573,,"Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.",Fortinet,Fortiswitch,9.8,CRITICAL,0.004720000084489584,false,false,false,false,,false,false,2016-09-09T14:00:00.000Z,0