cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2024-48885,https://securityvulnerability.io/vulnerability/CVE-2024-48885,"Path Traversal Vulnerability in Fortinet FortiRecorder, FortiWeb, and FortiVoice","A path traversal vulnerability has been identified in Fortinet's FortiRecorder, FortiWeb, and FortiVoice products, allowing attackers to exploit improper limitations on file paths. This flaw affects multiple versions of these products, enabling unauthorized privilege escalation through the use of specially crafted packets. Users of the affected versions are encouraged to apply updates and follow security best practices to mitigate potential risks.",Fortinet,"Fortirecorder,Fortiweb,Fortivoice",9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-01-16T09:01:52.958Z,0
CVE-2023-40720,https://securityvulnerability.io/vulnerability/CVE-2023-40720,Authorization Bypass Vulnerability in FortiVoice Enterprise,"An authorization bypass vulnerability exists in FortiVoice Enterprise versions 7.0.0 and 7.0.1, as well as all versions prior to 6.4.8. This flaw permits authenticated attackers to exploit vulnerabilities in user-controlled keys, thereby allowing unauthorized access to the SIP configuration of other users. By crafting specific HTTP or HTTPS requests, the security of affected systems can be compromised, potentially leading to data exposure that could have severe implications for user privacy and system integrity.",Fortinet,Fortivoice,7.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-05-14T16:19:12.993Z,0
CVE-2023-37932,https://securityvulnerability.io/vulnerability/CVE-2023-37932,Path Traversal Vulnerability in FortiVoice Enterprise,"This vulnerability involves an improper limitation of a pathname to a restricted directory, allowing authenticated attackers to exploit FortiVoice Enterprise versions 7.0.0 and earlier up to 6.4.7. By crafting and sending specific HTTP or HTTPS requests, attackers can gain unauthorized access to arbitrary files within the system. This flaw poses significant risks to data integrity and security, compelling users and organizations to implement necessary patches and mitigations. Fortinet provides detailed information and guidance on addressing this vulnerability.",Fortinet,FortiVoice,6.5,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2024-01-10T17:48:00.502Z,0
CVE-2022-27488,https://securityvulnerability.io/vulnerability/CVE-2022-27488,CSRF Vulnerability in Fortinet FortiVoice and Related Products,"A cross-site request forgery vulnerability exists within multiple Fortinet products, including FortiVoiceEnterprise, FortiSwitch, and FortiMail. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the command-line interface. The exploit relies on tricking authenticated administrators into sending malicious GET requests, potentially compromising sensitive administrative functions.",Fortinet,"Fortivoice,Fortirecorder,Fortiswitch,Fortindr,Fortimail",7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2023-12-13T07:15:00.000Z,0