cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24472,https://securityvulnerability.io/vulnerability/CVE-2025-24472,Authentication Bypass Vulnerability in FortiOS and FortiProxy Products,"An authentication bypass in FortiOS and FortiProxy allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests. Affected versions are FortiOS 7.0.0 through 7.0.16 and several FortiProxy releases; update to a fixed version. Fortinet tracks this CVE in the same advisory (FG-IR-24-535) as CVE-2024-55591, which is listed below.",Fortinet,"FortiOS,Fortiproxy",8.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:50:42.207Z,992
CVE-2024-35279,https://securityvulnerability.io/vulnerability/CVE-2024-35279,Remote Code Execution Vulnerability in Fortinet FortiOS,"A stack-based buffer overflow in Fortinet FortiOS 7.2.4 through 7.2.8 and 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted UDP packets on the CAPWAP control channel. Exploitation requires the attacker to evade the FortiOS stack protections and the fabric service to be running on the exposed interface. Update to a fixed version to remediate.",Fortinet,FortiOS,7.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:02.911Z,0
CVE-2024-40591,https://securityvulnerability.io/vulnerability/CVE-2024-40591,Privilege Escalation Vulnerability in Fortinet FortiOS,"An incorrect privilege assignment in Fortinet FortiOS allows an authenticated administrator whose access profile includes the Security Fabric permission to escalate to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate under the attacker's control. Organizations that rely on Security Fabric trust between FortiGate devices are exposed.",Fortinet,FortiOS,8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:02.843Z,0
CVE-2025-24470,https://securityvulnerability.io/vulnerability/CVE-2025-24470,Improper Path Resolution Vulnerability in FortiPortal by Fortinet,"An improper resolution of path equivalence in FortiPortal, affecting several versions from 7.0.0 through 7.4.2, allows a remote unauthenticated attacker to retrieve source code via crafted HTTP requests, with the attendant risk of sensitive information disclosure. Apply the vendor fix to affected systems.",Fortinet,Fortiportal,8.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:08:58.707Z,0
CVE-2024-50563,https://securityvulnerability.io/vulnerability/CVE-2024-50563,Weak Authentication Vulnerability in Fortinet FortiManager and FortiAnalyzer Cloud,"A weak authentication vulnerability in Fortinet FortiManager Cloud and FortiAnalyzer Cloud allows an attacker to execute unauthorized code or commands via a brute-force attack against the affected products. Administrators are urged to apply stronger authentication controls to limit unauthorized access.",Fortinet,"Fortianalyzer,Fortimanager",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-16T09:16:52.864Z,0
CVE-2024-48885,https://securityvulnerability.io/vulnerability/CVE-2024-48885,"Path Traversal Vulnerability in Fortinet FortiRecorder, FortiWeb, and FortiVoice","A path traversal vulnerability (improper limitation of a pathname to a restricted directory) in Fortinet FortiRecorder, FortiWeb and FortiVoice allows an attacker to escalate privileges via specially crafted packets. Multiple versions of each product are affected; apply the vendor updates.",Fortinet,"Fortirecorder,Fortiweb,Fortivoice",9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-01-16T09:01:52.958Z,0
CVE-2024-45331,https://securityvulnerability.io/vulnerability/CVE-2024-45331,Incorrect Privilege Assignment in Fortinet FortiAnalyzer and FortiManager,"An incorrect privilege assignment in Fortinet FortiAnalyzer and FortiManager allows an attacker to escalate privileges via specific shell commands, gaining higher-level access and compromising sensitive data and system integrity. Multiple versions of both products are affected; apply updates promptly.",Fortinet,"Fortianalyzer,Fortimanager",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T08:59:23.201Z,0
CVE-2024-35273,https://securityvulnerability.io/vulnerability/CVE-2024-35273,Out-of-Bounds Write Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An out-of-bounds write in Fortinet FortiManager 7.4.0 through 7.4.2 and FortiAnalyzer 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests. Review configurations and apply the necessary updates.",Fortinet,FortiManager and FortiAnalyzer,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-48884,https://securityvulnerability.io/vulnerability/CVE-2024-48884,Path Traversal Vulnerability in Fortinet FortiManager and Related Products,"A path traversal flaw in Fortinet FortiManager, FortiOS and FortiProxy allows an attacker to reach restricted directories and escalate privileges via specially crafted packets, exposing sensitive data and functionality. Fortinet lists the affected versions for each product line; remediate promptly.",Fortinet,"Fortimanager,FortiOS,Fortiproxy",9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-48890,https://securityvulnerability.io/vulnerability/CVE-2024-48890,OS Command Injection in FortiSOAR IMAP Connector by Fortinet,"An OS command injection in the FortiSOAR IMAP connector, version 3.5.7 and earlier, arises from improper neutralization of special elements in an OS command. An authenticated attacker can craft a malicious playbook to execute unauthorized code and reach sensitive system functions.",Fortinet,Fortisoar,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2023-37937,https://securityvulnerability.io/vulnerability/CVE-2023-37937,OS Command Injection in Fortinet FortiSwitch Products,"An OS command injection in Fortinet FortiSwitch allows an attacker to execute arbitrary commands via the device's command-line interface (CLI). Multiple FortiSwitch versions are affected and can be taken over by an attacker who manipulates system commands; apply the necessary updates.",Fortinet,FortiSwitch,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-35275,https://securityvulnerability.io/vulnerability/CVE-2024-35275,SQL Injection Vulnerability in Fortinet FortiAnalyzer and FortiManager,"An SQL injection (improper neutralization of special elements used in an SQL command) in Fortinet FortiAnalyzer and FortiManager 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests. Organizations running these versions should remediate immediately to prevent unauthorized access and data manipulation.",Fortinet,FortiAnalyzer and FortiManager,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-55591,https://securityvulnerability.io/vulnerability/CVE-2024-55591,Remote Attackers Can Gain Super-Admin Privileges via Crafted Requests to Node.js Websocket Module,"An authentication bypass in FortiOS and FortiProxy allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Per this record, the vulnerability is in CISA's KEV catalog, has been exploited in the wild and has a public proof of concept; update affected versions immediately.",Fortinet,"FortiOS,Fortiproxy",9.8,CRITICAL,0.026340000331401825,true,2025-01-14T00:00:00.000Z,true,true,true,2025-01-14T19:57:47.000Z,true,true,true,2025-01-16T04:52:02.516Z,2025-01-14T14:15:00.000Z,23558
CVE-2024-27778,https://securityvulnerability.io/vulnerability/CVE-2024-27778,OS Command Injection Vulnerability in FortiSandbox by Fortinet,"An improper neutralization of special elements used in an OS command in Fortinet FortiSandbox 4.4.0 through 4.4.4, 4.2.0 through 4.2.6, and versions before 4.0.4 allows an attacker with at least read-only permission to execute unauthorized commands via crafted requests, leading to control of the affected system.",Fortinet,FortiSandbox,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-36512,https://securityvulnerability.io/vulnerability/CVE-2024-36512,Path Traversal Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An improper limitation of a pathname to a restricted directory (path traversal) in Fortinet FortiManager and FortiAnalyzer allows an attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS requests.",Fortinet,FortiManager and FortiAnalyzer,7.2,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2023-37936,https://securityvulnerability.io/vulnerability/CVE-2023-37936,Hard-Coded Cryptographic Key Vulnerability in Fortinet FortiSwitch,"A hard-coded cryptographic key in multiple versions of Fortinet FortiSwitch allows an attacker to execute unauthorized code or commands via crafted requests, compromising network integrity and enabling unauthorized access. Remediate promptly.",Fortinet,FortiSwitch,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-46670,https://securityvulnerability.io/vulnerability/CVE-2024-46670,Out-of-bounds Read Vulnerability in FortiOS and FortiSASE Products,"An out-of-bounds read in FortiOS and FortiSASE allows an unauthenticated remote attacker to trigger excessive memory consumption, and thereby a denial of service, via specially crafted requests. Apply the patches for affected versions.",Fortinet,FortiOS,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-26012,https://securityvulnerability.io/vulnerability/CVE-2024-26012,OS Command Injection Vulnerability in Fortinet FortiAP Products,"An OS command injection (improper neutralization of special characters in an OS command) in several Fortinet FortiAP products allows a local authenticated attacker to execute unauthorized code via the command-line interface (CLI), compromising the device. Multiple releases are affected; apply updates.",Fortinet,"Fortiap-s,Fortiap-w2,Fortiap",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-33502,https://securityvulnerability.io/vulnerability/CVE-2024-33502,Path Traversal Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An improper limitation of a pathname to a restricted directory in Fortinet FortiManager and FortiAnalyzer allows an attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. Multiple versions across several series of both products are affected; assess exposure and apply the mitigations.",Fortinet,"Fortimanager,Fortianalyzer",7.2,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-35276,https://securityvulnerability.io/vulnerability/CVE-2024-35276,Stack-Based Buffer Overflow in Fortinet FortiAnalyzer and FortiManager Products,"A stack-based buffer overflow in multiple versions of Fortinet FortiAnalyzer and FortiManager allows an attacker to execute unauthorized code or commands via specially crafted packets. Users of affected versions should remediate immediately.",Fortinet,FortiAnalyzer and FortiManager,9.8,CRITICAL,0.0008800000068731606,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-35277,https://securityvulnerability.io/vulnerability/CVE-2024-35277,Authentication Bypass in Fortinet FortiPortal and FortiManager Products,"A missing authentication for critical function in Fortinet FortiPortal and FortiManager allows an attacker to access and manipulate the configuration of managed devices via specially crafted packets, without proper authorization.",Fortinet,Fortimanager,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-33503,https://securityvulnerability.io/vulnerability/CVE-2024-33503,Improper Privilege Management in Fortinet FortiManager and FortiAnalyzer,"An improper privilege management vulnerability in multiple versions of Fortinet FortiManager and FortiAnalyzer allows an attacker to escalate privileges via specific shell commands, potentially gaining control of the system and compromising sensitive data and operational integrity. Apply the recommended security measures promptly.",Fortinet,FortiManager and FortiAnalyzer,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-46668,https://securityvulnerability.io/vulnerability/CVE-2024-46668,Resource Exhaustion Vulnerability in FortiOS by Fortinet,"A resource exhaustion vulnerability in FortiOS 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, and 6.4.0 through 6.4.15 allows an unauthenticated remote attacker to exhaust the target's memory by uploading multiple large files. Without limits on resource allocation this produces a denial of service on the affected device; remediate to preserve availability.",Fortinet,FortiOS,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-48886,https://securityvulnerability.io/vulnerability/CVE-2024-48886,Weak Authentication in Fortinet FortiOS and FortiProxy Products,"A weak authentication vulnerability in various versions of Fortinet FortiOS, FortiProxy, FortiManager and FortiAnalyzer allows an attacker to execute unauthorized code or commands via a brute-force attack, compromising the integrity of the affected systems. Update to the latest versions.",Fortinet,"FortiOS, FortiProxy, FortiManager, FortiAnalyzer",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-50566,https://securityvulnerability.io/vulnerability/CVE-2024-50566,OS Command Injection Vulnerability in Fortinet FortiManager,"An OS command injection in Fortinet FortiManager allows an authenticated remote attacker to execute unauthorized commands via crafted FGFM requests. Multiple versions of FortiManager and FortiManager Cloud are affected; apply the recommended patches.",Fortinet,FortiManager,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
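The header line defines the feed's schema: a CVE identifier, a description that may contain commas and line breaks inside its quotes, a comma-separated products field, CVSS and EPSS numbers, and a set of "true"/"false" evidence flags (cisa, exploited, poc, ransomware). The following parser and triage helper is an added example, not code from securityvulnerability.io, and the sample input embedded in it is constructed (the feed's real header plus three of its records with shortened descriptions, one of them carrying a line break inside the quoted description). It shows the checks a consumer of this export wants: rejecting records with the wrong column count (as happens when an export is run together the way the raw text above was), collapsing embedded newlines, and ordering by exploitation evidence before raw CVSS. The tier thresholds in priority() are an assumption of this example, not a convention of the feed.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample in the feed's schema: the real header line plus three of
# the feed's records with shortened descriptions. The last record carries a
# line break inside its quoted description, as several records in the feed do.
SAMPLE_CSV = """cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-55591,https://securityvulnerability.io/vulnerability/CVE-2024-55591,Remote Attackers Can Gain Super-Admin Privileges via Crafted Requests to Node.js Websocket Module,"Authentication bypass in FortiOS and FortiProxy, super-admin via the Node.js websocket module.",Fortinet,"FortiOS,Fortiproxy",9.8,CRITICAL,0.026340000331401825,true,2025-01-14T00:00:00.000Z,true,true,true,2025-01-14T19:57:47.000Z,true,true,true,2025-01-16T04:52:02.516Z,2025-01-14T14:15:00.000Z,23558
CVE-2025-24472,https://securityvulnerability.io/vulnerability/CVE-2025-24472,Authentication Bypass Vulnerability in FortiOS and FortiProxy Products,Authentication bypass via crafted CSF proxy requests.,Fortinet,"FortiOS,Fortiproxy",8.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:50:42.207Z,992
CVE-2024-40591,https://securityvulnerability.io/vulnerability/CVE-2024-40591,Privilege Escalation Vulnerability in Fortinet FortiOS,"Security Fabric admin escalates to super-admin.
Requires connecting to a malicious upstream FortiGate.",Fortinet,FortiOS,8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:02.843Z,0
"""

EXPECTED_FIELDS = 21  # number of columns in the header line above


@dataclass(frozen=True)
class Vuln:
    cve: str
    products: tuple
    description: str
    score: float      # CVSS base score
    epss: float       # EPSS probability
    cisa: bool        # listed in CISA's KEV catalog
    exploited: bool   # exploitation in the wild reported
    poc: bool         # public proof of concept
    ransomware: bool  # ransomware use reported


def _flag(value: str) -> bool:
    # The feed encodes booleans as the literal strings "true"/"false".
    return value.strip().lower() == "true"


def parse_records(text: str) -> list:
    """Parse the feed into Vuln objects, rejecting short or long records.

    csv.DictReader already handles commas and line breaks inside quoted
    fields; what it does not do is complain when a record has the wrong
    number of columns (missing columns show up as None values, surplus
    columns under the None key), so that check is done here.
    """
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames is None or len(reader.fieldnames) != EXPECTED_FIELDS:
        raise ValueError("unexpected header")
    records = []
    for row in reader:
        if None in row or any(v is None for v in row.values()):
            raise ValueError(f"malformed record near {row.get('cve')!r}")
        records.append(Vuln(
            cve=row["cve"],
            products=tuple(p.strip() for p in row["products"].split(",") if p.strip()),
            description=" ".join(row["description"].split()),  # collapse embedded line breaks
            score=float(row["score"] or 0.0),
            epss=float(row["epss"] or 0.0),
            cisa=_flag(row["cisa"]),
            exploited=_flag(row["exploited"]),
            poc=_flag(row["poc"]),
            ransomware=_flag(row["ransomware"]),
        ))
    return records


def priority(v: Vuln) -> tuple:
    """Sort key: exploitation evidence outranks raw CVSS (thresholds assumed).

    Tier 3: KEV-listed or exploited in the wild; tier 2: public PoC;
    tier 1: critical CVSS or EPSS >= 5%; tier 0: everything else.
    EPSS, then CVSS, break ties within a tier.
    """
    if v.cisa or v.exploited:
        tier = 3
    elif v.poc:
        tier = 2
    elif v.score >= 9.0 or v.epss >= 0.05:
        tier = 1
    else:
        tier = 0
    return (tier, v.epss, v.score)


def triage(records: list) -> list:
    return sorted(records, key=priority, reverse=True)


def needs_action(records: list, product: str) -> list:
    """CVEs for one product (case-insensitive match on the products column)
    that sit at tier 1 or above, in triage order."""
    wanted = product.lower()
    return [v.cve for v in triage(records)
            if wanted in (p.lower() for p in v.products) and priority(v)[0] >= 1]


if __name__ == "__main__":
    for v in triage(parse_records(SAMPLE_CSV)):
        tier, epss, score = priority(v)
        print(f"tier {tier}  {v.cve}  cvss={score}  epss={epss:.4f}  {v.products}")
```

Run as a script it prints CVE-2024-55591 first (KEV-listed and exploited) ahead of the two higher-numbered but unexploited 2025 entries; the CVSS 9.8 on CVE-2024-50563 or CVE-2023-37936 would land them in tier 1, below anything with exploitation evidence. To consume the real export, pass the file contents to parse_records() and let the column-count check catch any record that an extraction step has broken.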