cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-40721,https://securityvulnerability.io/vulnerability/CVE-2023-40721,"Externally-Controlled Format String Vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager","A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager allowing privileged attackers to execute arbitrary code or commands. This occurs due to the improper handling of externally-controlled format strings, leaving the affected products susceptible to specially crafted requests that can manipulate program execution.",Fortinet,"FortiOS,Fortiswitchmanager,Fortiproxy,Fortipam",6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:06.077Z,0
CVE-2022-45862,https://securityvulnerability.io/vulnerability/CVE-2022-45862,"Insufficient Session Expiration Vulnerability Affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager","An insufficient session expiration vulnerability exists across multiple Fortinet products, including FortiOS and FortiProxy. This vulnerability allows attackers to potentially reuse web sessions even after a user has logged out of the graphical user interface (GUI). If an attacker manages to obtain the necessary credentials, they may exploit this flaw to gain unauthorized access to the system. Affected versions of the products do not implement adequate measures to securely handle user sessions, raising significant security concerns for users. Organizations using these products are advised to review their configurations and update to the latest versions where possible.",Fortinet,"Fortipam,Fortiproxy,FortiOS,Fortiswitchmanager",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-13T15:51:57.147Z,0
CVE-2024-26010,https://securityvulnerability.io/vulnerability/CVE-2024-26010,Stack-based Buffer Overflow in Fortinet Products,"The stack-based buffer overflow vulnerability reported in various versions of Fortinet products allows attackers to exploit the flaw by sending specially crafted packets. This could potentially lead to execution of unauthorized code or commands within the affected systems, presenting significant security implications for users relying on Fortinet's software solutions. Specific products impacted include FortiPAM, FortiWeb, FortiAuthenticator, FortiSwitchManager, FortiOS, and FortiProxy across multiple versions, thereby necessitating immediate attention and remedial actions by users to safeguard their environments.",Fortinet,"Fortipam,Fortiswitchmanager,FortiOS,Fortiproxy",7.5,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2024-06-11T14:32:03.697Z,0
CVE-2023-45583,https://securityvulnerability.io/vulnerability/CVE-2023-45583,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"A format string vulnerability exists in certain versions of Fortinet's FortiProxy, FortiOS, and FortiSwitchManager products due to inadequate validation of external input. This weakness allows an attacker to execute arbitrary code or commands by crafting specific command-line interface (CLI) commands and HTTP requests. The vulnerability impacts multiple versions across various Fortinet products, consequently posing a significant risk to affected systems.",Fortinet,"Fortiproxy,Fortipam,Fortiswitchmanager,FortiOS",7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-14T16:19:18.797Z,0
CVE-2024-23113,https://securityvulnerability.io/vulnerability/CVE-2024-23113,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution,"A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products, allowing attackers to manipulate externally controlled format strings. This weakness enables the execution of unauthorized code or commands through specially crafted packets. Organizations using affected versions should prioritize remediation measures, as exploitation can lead to significant security breaches and data compromises.",Fortinet,"Fortiswitchmanager,FortiOS,Fortipam,Fortiproxy",9.8,CRITICAL,0.03347000107169151,true,2024-10-09T00:00:00.000Z,true,false,true,2024-10-09T00:00:00.000Z,true,true,true,2024-10-17T01:52:02.750Z,2024-02-15T13:59:25.313Z,20538
CVE-2023-36635,https://securityvulnerability.io/vulnerability/CVE-2023-36635,Improper Access Control in Fortinet FortiSwitchManager Affects Authentication Features,"An improper access control vulnerability exists in Fortinet FortiSwitchManager versions 7.2.0 to 7.2.2 and 7.0.0 to 7.0.1. This weakness may allow a remote authenticated user with read-only access to modify interface settings via the API, potentially leading to unauthorized configuration changes and affecting the overall security posture of the network.",Fortinet,Fortiswitchmanager,6.9,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2023-09-07T13:15:00.000Z,0
CVE-2022-42474,https://securityvulnerability.io/vulnerability/CVE-2022-42474,Relative Path Traversal Vulnerability in Fortinet FortiOS and FortiProxy Products,"A relative path traversal vulnerability exists in multiple Fortinet products, including FortiOS, FortiProxy, and FortiSwitchManager. This issue allows an authenticated attacker with privileged access to send specific crafted HTTP requests, potentially leading to the unauthorized deletion of arbitrary directories from the system's filesystem, compromising the integrity and availability of the affected systems.",Fortinet,"Fortiswitchmanager,Fortiproxy,FortiOS",6.2,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-06-13T08:41:42.277Z,0
CVE-2022-41335,https://securityvulnerability.io/vulnerability/CVE-2022-41335,Relative Path Traversal Vulnerability in Fortinet FortiOS and FortiProxy,"A relative path traversal vulnerability exists in Fortinet's FortiOS and FortiProxy, allowing authenticated attackers to exploit crafted HTTP requests. This may enable them to read and write files on the underlying Linux system, potentially compromising critical data and system integrity. Affected versions include FortiOS versions 7.2.0 to 7.2.2, 7.0.0 to 7.0.8, and earlier than 6.4.10, alongside FortiProxy versions 7.2.0 to 7.2.1, 7.0.0 to 7.0.7, and earlier than 2.0.10. Additionally, FortiSwitchManager version 7.2.0 and earlier than 7.0.0 are also impacted.",Fortinet,"Fortiswitchmanager,FortiOS,Fortiproxy",8.6,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2023-02-16T18:05:14.761Z,0
CVE-2022-40684,https://securityvulnerability.io/vulnerability/CVE-2022-40684,Fortinet Authentication Bypass Vulnerability,"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",Fortinet,"Fortinet FortiOS, Fortiproxy, Fortiswitchmanager",9.8,CRITICAL,0.9724299907684326,true,2022-10-11T00:00:00.000Z,false,true,true,2022-10-11T00:00:00.000Z,true,false,false,,2022-10-18T00:00:00.000Z,46