cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-45862,https://securityvulnerability.io/vulnerability/CVE-2022-45862,"Insufficient Session Expiration Vulnerability Affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager","An insufficient session expiration vulnerability exists across multiple Fortinet products, including FortiOS and FortiProxy. This vulnerability allows attackers to potentially reuse web sessions even after a user has logged out of the graphical user interface (GUI). If an attacker manages to obtain the necessary credentials, they may exploit this flaw to gain unauthorized access to the system. Affected versions of the products do not implement adequate measures to securely handle user sessions, raising significant security concerns for users. Organizations using these products are advised to review their configurations and update to the latest versions where possible.",Fortinet,"Fortipam,Fortiproxy,FortiOS,Fortiswitchmanager",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-08-13T15:51:57.147Z,0
CVE-2024-26010,https://securityvulnerability.io/vulnerability/CVE-2024-26010,Stack-based Buffer Overflow in Fortinet Products,"The stack-based buffer overflow vulnerability reported in various versions of Fortinet products allows attackers to exploit the flaw by sending specially crafted packets. This could potentially lead to execution of unauthorized code or commands within the affected systems, presenting significant security implications for users relying on Fortinet's software solutions.
Specific products impacted include FortiPAM, FortiWeb, FortiAuthenticator, FortiSwitchManager, FortiOS, and FortiProxy across multiple versions, thereby necessitating immediate attention and remedial actions by users to safeguard their environments.",Fortinet,"Fortipam,Fortiswitchmanager,FortiOS,Fortiproxy",7.5,HIGH,0.0008800000068731606,false,false,false,false,,false,false,2024-06-11T14:32:03.697Z,0
CVE-2023-45583,https://securityvulnerability.io/vulnerability/CVE-2023-45583,Format String Vulnerability in Fortinet FortiProxy and FortiOS Products,"A format string vulnerability exists in certain versions of Fortinet's FortiProxy, FortiOS, and FortiSwitchManager products due to inadequate validation of external input. This weakness allows an attacker to execute arbitrary code or commands by crafting specific command-line interface (CLI) commands and HTTP requests. The vulnerability impacts multiple versions across various Fortinet products, consequently posing a significant risk to affected systems.",Fortinet,"Fortiproxy,Fortipam,Fortiswitchmanager,FortiOS",7.2,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-14T16:19:18.797Z,0
CVE-2024-23113,https://securityvulnerability.io/vulnerability/CVE-2024-23113,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution,"A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products, allowing attackers to manipulate externally controlled format strings. This weakness enables the execution of unauthorized code or commands through specially crafted packets.
Organizations using affected versions should prioritize remediation measures, as exploitation can lead to significant security breaches and data compromises.",Fortinet,"Fortiswitchmanager,FortiOS,Fortipam,Fortiproxy",9.8,CRITICAL,0.02071000076830387,true,true,false,true,true,true,true,2024-02-15T13:59:25.313Z,20538
CVE-2023-36635,https://securityvulnerability.io/vulnerability/CVE-2023-36635,,"An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.",Fortinet,Fortiswitchmanager,6.9,MEDIUM,0.0005499999970197678,false,false,false,false,,false,false,2023-09-07T13:15:00.000Z,0
CVE-2022-42474,https://securityvulnerability.io/vulnerability/CVE-2022-42474,,"A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows a privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.",Fortinet,"Fortiswitchmanager,Fortiproxy,FortiOS",6.2,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2023-06-13T08:41:42.277Z,0
CVE-2022-41335,https://securityvulnerability.io/vulnerability/CVE-2022-41335,Relative Path Traversal Vulnerability in Fortinet FortiOS and FortiProxy,"A relative path traversal vulnerability exists in Fortinet's FortiOS and FortiProxy, allowing authenticated attackers to exploit crafted HTTP requests. This may enable them to read and write files on the underlying Linux system, potentially compromising critical data and system integrity. Affected versions include FortiOS versions 7.2.0 to 7.2.2, 7.0.0 to 7.0.8, and earlier than 6.4.10, alongside FortiProxy versions 7.2.0 to 7.2.1, 7.0.0 to 7.0.7, and earlier than 2.0.10.
Additionally, FortiSwitchManager version 7.2.0 and earlier than 7.0.0 are also impacted.",Fortinet,"Fortiswitchmanager,FortiOS,Fortiproxy",8.6,HIGH,0.0012799999676644802,false,false,false,false,,false,false,2023-02-16T18:05:14.761Z,0
CVE-2022-40684,https://securityvulnerability.io/vulnerability/CVE-2022-40684,,"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",Fortinet,"Fortinet FortiOS, Fortiproxy, Fortiswitchmanager",9.8,CRITICAL,0.9728000164031982,true,false,true,true,true,false,false,2022-10-18T00:00:00.000Z,0