cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-50563,https://securityvulnerability.io/vulnerability/CVE-2024-50563,Weak Authentication Vulnerability in Fortinet FortiManager and FortiAnalyzer Cloud,A vulnerability exists in Fortinet's FortiManager and FortiAnalyzer Cloud due to weak authentication mechanisms. This flaw allows attackers to execute unauthorized commands or code by exploiting brute-force techniques to gain access to the affected products. Administrators are urged to implement more robust authentication measures to mitigate risks associated with unauthorized access.,Fortinet,"Fortianalyzer,Fortimanager",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-16T09:16:52.864Z,0
CVE-2024-48885,https://securityvulnerability.io/vulnerability/CVE-2024-48885,"Path Traversal Vulnerability in Fortinet FortiRecorder, FortiWeb, and FortiVoice","A path traversal vulnerability has been identified in Fortinet's FortiRecorder, FortiWeb, and FortiVoice products, allowing attackers to exploit improper limitations on file paths. This flaw affects multiple versions of these products, enabling unauthorized privilege escalation through the use of specially crafted packets. Users of the affected versions are encouraged to apply updates and follow security best practices to mitigate potential risks.",Fortinet,"Fortirecorder,Fortiweb,Fortivoice",5.2,MEDIUM,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-16T09:01:52.958Z,0
CVE-2024-45331,https://securityvulnerability.io/vulnerability/CVE-2024-45331,Incorrect Privilege Assignment in Fortinet FortiAnalyzer and FortiManager,"Fortinet FortiAnalyzer and FortiManager products are affected by a vulnerability that allows an attacker to escalate privileges through specific shell commands. This could potentially enable unauthorized users to gain higher-level access within the system, compromising sensitive data and system integrity. This issue exists across multiple versions of both FortiAnalyzer and FortiManager, highlighting the importance for users to apply updates and patches promptly.",Fortinet,"Fortianalyzer,Fortimanager",6.9,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-16T08:59:23.201Z,0
CVE-2024-35280,https://securityvulnerability.io/vulnerability/CVE-2024-35280,Cross-Site Scripting Vulnerability in Fortinet FortiDeceptor,"An improper neutralization of input during web page generation in Fortinet's FortiDeceptor can lead to a reflected cross-site scripting attack. This vulnerability allows an attacker to manipulate recovery endpoints, potentially executing malicious scripts in the context of the victim's browser, thereby compromising user data and system integrity. The affected versions of FortiDeceptor include all versions of 3.x, 4.x, 5.0, 5.1 and specific versions 5.2.0 and 5.3.0. To mitigate the risks, users are advised to apply the recommended patches and implement necessary security measures.",Fortinet,Fortideceptor,5.1,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T10:07:14.953Z,0
CVE-2024-36504,https://securityvulnerability.io/vulnerability/CVE-2024-36504,Out-of-Bounds Read Vulnerability in FortiOS SSLVPN Web Portal by Fortinet,"An out-of-bounds read vulnerability exists in FortiOS SSLVPN web portal, which affects multiple versions. This flaw may allow an authenticated attacker to exploit the SSLVPN web portal, potentially resulting in a denial of service by using a specially crafted URL. Organizations using FortiOS should review their systems and apply necessary mitigations to safeguard against this vulnerability.",Fortinet,FortiOS,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2023-37937,https://securityvulnerability.io/vulnerability/CVE-2023-37937,OS Command Injection in Fortinet FortiSwitch Products,"An OS command injection flaw exists in Fortinet FortiSwitch that permits attackers to execute arbitrary commands through the device's command-line interface (CLI). The vulnerability impacts multiple versions of FortiSwitch, potentially allowing unauthorized users to manipulate system commands and gain control over these devices. It is crucial for users of affected versions to apply the necessary updates and mitigate the risk.",Fortinet,FortiSwitch,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-46667,https://securityvulnerability.io/vulnerability/CVE-2024-46667,Resource Allocation Vulnerability in Fortinet FortiSIEM Software,"A resource allocation vulnerability exists in Fortinet's FortiSIEM software across various versions, exposing the system to potential denial of service attacks. Without sufficient limits or throttling, an attacker may exploit this weakness to consume all available connections, thereby preventing legitimate TLS traffic from being processed. Organizations using affected versions of FortiSIEM should promptly review their configurations and apply necessary mitigations to safeguard their network integrity.",Fortinet,FortiSIEM,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-36506,https://securityvulnerability.io/vulnerability/CVE-2024-36506,Remote Communication Vulnerability in Fortinet FortiClientEMS,"The vulnerability in Fortinet FortiClientEMS occurs due to improper verification of the source of a communication channel, which affects multiple versions, including 7.4.0, 7.2.0 through 7.2.4, as well as all versions of 7.0 and 6.4. This weakness may allow a remote attacker to exploit the trusted host feature, potentially enabling unauthorized session connections. It highlights the need for rigorous verification mechanisms to safeguard secure communications against unauthorized access.",Fortinet,Forticlientems,3.5,LOW,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-46665,https://securityvulnerability.io/vulnerability/CVE-2024-46665,Sensitive Information Exposure in FortiOS by Fortinet,"A vulnerability exists in FortiOS versions 7.6.0 and 7.4.0 through 7.4.4, where an attacker positioned in a man-in-the-middle attack could potentially intercept accounting requests. This may lead to the unintended exposure of the RADIUS accounting server shared secret, compromising the security of sensitive data. Organizations using affected versions should take immediate action to secure their systems against possible exploitation.",Fortinet,FortiOS,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-45326,https://securityvulnerability.io/vulnerability/CVE-2024-45326,Improper Access Control in FortiDeceptor Products,"An Improper Access Control vulnerability exists in FortiDeceptor that can potentially allow an authenticated attacker, lacking sufficient privileges, to exploit the central management appliance. This is achieved through the dispatch of specially crafted requests, which may enable unauthorized operations and compromise the integrity of the management system. FortiDeceptor versions 6.0.0, 5.3.3 and lower, 5.2.1 and lower, 5.1.0, and 5.0.0 are affected, highlighting a significant security concern that necessitates prompt action to remediate.",Fortinet,FortiDeceptor,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-26012,https://securityvulnerability.io/vulnerability/CVE-2024-26012,OS Command Injection Vulnerability in Fortinet FortiAP Products,"An OS command injection vulnerability exists in various Fortinet FortiAP products due to improper neutralization of special characters in OS commands. This vulnerability allows a local authenticated attacker to exploit the command-line interface (CLI) and execute unauthorized code, potentially compromising the security of the device. Affected versions span multiple releases, necessitating immediate action to mitigate risks.",Fortinet,"Fortiap-s,Fortiap-w2,Fortiap",6.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-35278,https://securityvulnerability.io/vulnerability/CVE-2024-35278,SQL Injection Vulnerability in Fortinet FortiPortal Affects Multiple Versions,"An improper neutralization of special elements used in SQL commands in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 permits authenticated attackers to manipulate HTTP requests, potentially revealing executed SQL queries on the server side. This vulnerability emphasizes the need for secure coding practices to mitigate SQL injection risks and to protect sensitive data from unauthorized access.",Fortinet,FortiPortal,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-35277,https://securityvulnerability.io/vulnerability/CVE-2024-35277,Authentication Bypass in Fortinet FortiPortal and FortiManager Products,"A vulnerability exists in Fortinet's FortiPortal and FortiManager products due to missing authentication for critical functionality. Attackers can exploit this weakness by sending specially crafted packets to gain unauthorized access to the configuration settings of managed devices. This oversight presents a significant security risk, potentially allowing malicious actors to manipulate device configurations without proper authorization.",Fortinet,Fortimanager,8.4,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-27778,https://securityvulnerability.io/vulnerability/CVE-2024-27778,OS Command Injection Vulnerability in FortiSandbox by Fortinet,"An improper neutralization of special elements used in OS command execution has been identified in Fortinet's FortiSandbox. This vulnerability affects versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6, as well as any version below 4.0.4. An attacker with at least read-only permission can exploit this flaw to execute unauthorized commands by sending specially crafted requests, which could lead to unauthorized access and control over the affected system.",Fortinet,FortiSandbox,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2023-46715,https://securityvulnerability.io/vulnerability/CVE-2023-46715,Origin Validation Flaw in Fortinet FortiOS IPSec VPN,"An origin validation error in Fortinet's FortiOS IPSec VPN enables an authenticated user with dynamic IP addressing to send packets that can spoof another user's IP. This vulnerability affects versions 7.4.0 through 7.4.1 and 7.2.6 and below, allowing a potential threat to network integrity by exploiting crafted network packets.",Fortinet,FortiOS IPSec VPN,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-55591,https://securityvulnerability.io/vulnerability/CVE-2024-55591,Remote Attackers Can Gain Super-Admin Privileges via Crafted Requests to Node.js Websocket Module,"A vulnerability exists in FortiOS and FortiProxy that allows a remote attacker to exploit an authentication bypass through crafted requests targeting the Node.js websocket module. This weakness could enable unauthorized users to attain super-admin privileges, compromising system security. Users of affected versions should take immediate action to mitigate risks by updating to the latest software versions.",Fortinet,"FortiOS,Fortiproxy",9.8,CRITICAL,0.026340000331401825,true,true,true,true,false,true,true,2025-01-14T14:15:00.000Z,23552
CVE-2024-35273,https://securityvulnerability.io/vulnerability/CVE-2024-35273,Out-of-Bounds Write Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An out-of-bounds write vulnerability exists in Fortinet's FortiManager and FortiAnalyzer products, allowing an attacker to escalate privileges through specially crafted HTTP requests. This flaw affects FortiManager versions 7.4.0 to 7.4.2 and FortiAnalyzer versions 7.4.0 to 7.4.2, posing significant risks to systems that fail to implement appropriate security measures. Users are advised to review their configurations and apply necessary updates to mitigate this risk.",Fortinet,FortiManager and FortiAnalyzer,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2023-42786,https://securityvulnerability.io/vulnerability/CVE-2023-42786,Null Pointer Dereference in FortiOS Affects Multiple Versions by Fortinet,"A null pointer dereference vulnerability in FortiOS allows an attacker to exploit the flaw through a specially crafted HTTP request. This may result in a denial of service condition, impacting the availability and performance of the FortiOS devices running the affected software versions. It is essential for users to update their systems to mitigate this risk and ensure continued security.",Fortinet,FortiOS,6.5,MEDIUM,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2023-37931,https://securityvulnerability.io/vulnerability/CVE-2023-37931,SQL Injection Vulnerability in FortiVoice Enterprise by Fortinet,"An improper neutralization of special elements used in SQL commands allows authenticated attackers to execute blind SQL injection on FortiVoice Enterprise. Attackers can exploit this vulnerability by sending specially crafted HTTP or HTTPS requests, potentially compromising sensitive data within the affected systems. This highlights the importance of securing web applications from such vulnerabilities to maintain data integrity and confidentiality.",Fortinet,FortiVoice Enterprise,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-32115,https://securityvulnerability.io/vulnerability/CVE-2024-32115,Path Traversal Vulnerability in Fortinet FortiManager,"A relative path traversal vulnerability in Fortinet FortiManager allows a privileged attacker to craft malicious HTTP or HTTPS requests that can lead to unauthorized file deletions from the system's underlying filesystem. This vulnerability affects multiple versions of FortiManager, allowing potential exploitation by users with malicious intent to disrupt services and compromise sensitive data.",Fortinet,FortiManager,,,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-35275,https://securityvulnerability.io/vulnerability/CVE-2024-35275,SQL Injection Vulnerability in Fortinet FortiAnalyzer and FortiManager,"An SQL injection vulnerability exists in Fortinet's FortiAnalyzer and FortiManager, specifically from versions 7.4.0 to 7.4.2. This flaw arises due to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability allows attackers to escalate privileges through specially crafted HTTP requests. Organizations utilizing these versions should take immediate action to mitigate potential risks associated with unauthorized access and data manipulation.",Fortinet,FortiAnalyzer and FortiManager,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-35276,https://securityvulnerability.io/vulnerability/CVE-2024-35276,Stack-Based Buffer Overflow in Fortinet FortiAnalyzer and FortiManager Products,"A stack-based buffer overflow vulnerability in multiple versions of Fortinet's FortiAnalyzer and FortiManager products could allow an attacker to execute unauthorized code or commands through specially crafted packets. This presents a significant risk, necessitating immediate attention for those using affected versions to mitigate potential exploitation.",Fortinet,FortiAnalyzer and FortiManager,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2023-42785,https://securityvulnerability.io/vulnerability/CVE-2023-42785,Denial of Service Vulnerability in FortiOS by Fortinet,"A null pointer dereference vulnerability in specific versions of FortiOS can be exploited by an attacker to trigger a denial of service (DoS). This occurs when a crafted HTTP request is processed by the affected FortiOS versions, leading to service interruptions. The affected versions include FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, and all versions of 7.0, 6.4, 6.2, and 6.0. Organizations using these versions are advised to take immediate steps to mitigate the risk.",Fortinet,FortiOS,6.5,MEDIUM,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2023-37936,https://securityvulnerability.io/vulnerability/CVE-2023-37936,Hard-Coded Cryptographic Key Vulnerability in Fortinet FortiSwitch,"A hard-coded cryptographic key in multiple versions of Fortinet FortiSwitch exposes the devices to potential exploitation. Attackers can execute unauthorized code or commands by sending crafted requests to affected versions. This vulnerability can compromise the integrity of the network and lead to unauthorized access, necessitating swift actions for mitigation and remediation.",Fortinet,FortiSwitch,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-33502,https://securityvulnerability.io/vulnerability/CVE-2024-33502,Path Traversal Vulnerability in Fortinet FortiManager and FortiAnalyzer,"A flaw has been identified in Fortinet’s FortiManager and FortiAnalyzer products, allowing an improper limitation of a pathname to a restricted directory. This vulnerability enables attackers to potentially execute unauthorized code or commands by crafting malicious HTTP or HTTPS requests, exposing systems to significant risk. It affects multiple versions of both FortiManager and FortiAnalyzer across different series, making it critical for organizations to assess their systems and apply necessary mitigations.",Fortinet,"Fortimanager,Fortianalyzer",6.4,MEDIUM,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0