Vulnerabilities related to fortinet - fortivoice
Vulnerability from fkie_nvd
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-282 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-23-282 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortivoice | * | |
fortinet | fortivoice | * | |
fortinet | fortivoice | 7.0.0 | |
fortinet | fortivoice | 7.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "C0B44874-E530-40B9-92F5-03667CFB9F1C", versionEndIncluding: "6.0.12", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "5FCE3488-2ABC-4608-91D4-8B25A9C180FA", versionEndIncluding: "6.4.8", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BB44AB41-E006-489F-9C49-2DFA73EF01B2", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "46ED919A-533A-4C6D-9042-B67A9E89FF29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.", }, { lang: "es", value: "Una omisión de autorización a través de una vulnerabilidad de clave controlada por el usuario [CWE-639] en FortiVoiceEntreprise versión 7.0.0 a 7.0.1 y anteriores a 6.4.8 permite a un atacante autenticado leer la configuración SIP de otros usuarios a través de solicitudes HTTP o HTTPS manipuladas.", }, ], id: "CVE-2023-40720", lastModified: "2024-11-21T08:20:01.767", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-14T17:15:19.067", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-23-282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-23-282", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "psirt@fortinet.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-21-254 | Broken Link |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortiadc | * | |
fortinet | fortiauthenticator | * | |
fortinet | fortiauthenticator | * | |
fortinet | fortiddos | * | |
fortinet | fortiddos-f | * | |
fortinet | fortimail | * | |
fortinet | fortindr | * | |
fortinet | fortindr | 7.2.0 | |
fortinet | fortiproxy | * | |
fortinet | fortiproxy | * | |
fortinet | fortirecorder | * | |
fortinet | fortirecorder | * | |
fortinet | fortisoar | * | |
fortinet | fortitester | * | |
fortinet | fortivoice | * | |
fortinet | fortiwlc | * | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortiswitch | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", matchCriteriaId: "B7685DE5-EEF4-4EFF-9EE0-1ABC59A46B91", versionEndExcluding: "6.2.4", versionStartIncluding: "5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", matchCriteriaId: "959F9558-9C68-4046-AF5F-C543C9B5C3DE", versionEndExcluding: "6.3.4", versionStartIncluding: "6.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F857C3-0369-45CD-8745-FC6086A6B401", versionEndExcluding: "6.4.2", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*", matchCriteriaId: "5C2587E4-5D24-4C81-AD13-B3205FA07D14", versionEndExcluding: "5.5.2", versionStartIncluding: "5.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", matchCriteriaId: "999EDF79-3052-4A4E-9B71-B0FEDEBFE33E", versionEndExcluding: "6.3.4", versionStartIncluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "9E3E1107-F78C-41B7-A8D4-E984EF551B1B", versionEndExcluding: "7.0.4", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", matchCriteriaId: "2798BBCF-0867-4C5B-9F28-6CD9846DAD7E", versionEndExcluding: "7.1.1", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "06DD8B01-B4BC-432D-9045-40AD6DA84CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "C4BF015A-6391-40D1-9FC4-C73110A2D52E", versionEndExcluding: "7.0.5", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "CF9591AF-D4A5-44F6-8535-1D166646E118", versionEndExcluding: "7.4.0", versionStartIncluding: "7.2.0", vulnerable: 
true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "0A7151C5-DB42-4F91-B84C-CDA9CEF73A23", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "2DDA9A48-7687-40A3-A14F-5EB89A20A386", versionEndExcluding: "6.4.3", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*", matchCriteriaId: "B72000EC-F0D5-4100-B0DB-7405EDE32C76", versionEndExcluding: "7.3.0", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "C8838FC8-770F-41ED-8F25-8E2953258677", versionEndExcluding: "7.2.2", versionStartIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "C97B8181-C602-4E70-B3EA-CBE1FA62A220", versionEndExcluding: "6.4.9", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "C68A52C3-281D-4B4E-B0AA-0162D846BBB2", versionEndExcluding: "8.6.7", versionStartIncluding: "8.6.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "00C9C02B-E40F-4536-BC74-A7DA84E4B845", versionEndExcluding: "7.0.6", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "4562BDF7-D894-4CD8-95AC-9409FDEBE73F", versionEndExcluding: "7.2.5", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "FF5E55C0-C600-4234-AA0C-21259AA6D97F", versionEndExcluding: "7.0.5", versionStartIncluding: "6.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A externally controlled reference to a resource in another sphere in Fortinet 
FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3, FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver", }, { lang: "es", value: "Una referencia controlada externamente a un recurso en otra esfera en Fortinet FortiManager anterior a la versión 7.4.3, FortiMail anterior a la versión 7.0.3, FortiAnalyzer anterior a la versión 7.4.3, FortiVoice versión 7.0.0, 7.0.1 y anterior a 6.4.8, FortiProxy anterior a la versión 7.0.4, FortiRecorder versión 6.4.0 a 6.4.2 y anterior a 6.0.10, FortiAuthenticator versión 6.4.0 a 6.4.1 y anterior a 6.3.3, FortiNDR versión 7.2.0 anterior a 7.1.0, FortiWLC anterior a la versión 8.6.4, FortiPortal anterior a la versión 6.0.9, FortiOS versión 7.2.0 y anterior a 7.0.5, FortiADC versión 7.0.0 a 7.0.1 y anterior a 6.2.3, FortiDDoS anterior a la versión 5.5.1, FortiDDoS-F anterior a la versión 6.3.3, FortiTester anterior a la versión 7.2.1, FortiSOAR anterior a la versión 7.2.2 y FortiSwitch anterior a la versión 6.3.3 permiten a los atacantes envenenar cachés web a través de solicitudes HTTP manipuladas, donde el encabezado `Host` apunta a un servidor web arbitrario.", }, ], id: "CVE-2022-23439", lastModified: "2025-02-12T13:39:42.107", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", 
baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 2.7, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-22T10:15:07.737", references: [ { source: "psirt@fortinet.com", tags: [ "Broken Link", ], url: "https://fortiguard.com/psirt/FG-IR-21-254", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-610", }, ], source: "psirt@fortinet.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-21-155 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-21-155 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "22936F53-4480-4011-9211-174D1C507E87", versionEndIncluding: "1.0.7", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "E6BBF05F-4967-4A2E-A8F8-C2086097148B", versionEndIncluding: "1.1.6", versionStartIncluding: "1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "33B84D9A-55E3-4146-A55A-ACB507E61B05", versionEndIncluding: "1.2.13", versionStartIncluding: "1.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "3902676A-4F5F-4C6A-A22D-DEF5EB4C0543", versionEndIncluding: "2.0.6", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D909C90B-E136-4E8E-B551-FE0369172C1E", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "53151CA2-647D-4E40-9247-C0F4E6CB680B", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "AA5C8467-1765-434E-8C11-65D3139459EE", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.2:*:*:*:*:*:*:*", matchCriteriaId: "9D9ECD0B-C46E-485B-AA41-40B9C2A90547", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.3:*:*:*:*:*:*:*", matchCriteriaId: "EC948E98-B48D-499B-8FD1-4B75754D2B78", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.4:*:*:*:*:*:*:*", matchCriteriaId: "668FED55-7378-487E-BE00-C33A45076F02", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.5:*:*:*:*:*:*:*", matchCriteriaId: "787C3018-40FA-415C-AF4C-D178AC4FB65E", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.6:*:*:*:*:*:*:*", matchCriteriaId: "4F35AB98-B0CD-4B04-992E-087054FCF91F", vulnerable: true, }, { 
criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.7:*:*:*:*:*:*:*", matchCriteriaId: "91BF8703-2835-4895-A347-74B6E9A2FA30", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.8:*:*:*:*:*:*:*", matchCriteriaId: "C94723AB-6BBE-4F5E-9560-5ECBE3A809A1", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.10:*:*:*:*:*:*:*", matchCriteriaId: "E13ECB66-4AC4-4C1F-92DE-9C8788DD5379", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.11:*:*:*:*:*:*:*", matchCriteriaId: "640AC3C4-9529-4796-A2B7-E15C9AB520DB", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.12:*:*:*:*:*:*:*", matchCriteriaId: "11C09ED8-BEDB-4EAA-B55B-CD8F81FC74CF", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.13:*:*:*:*:*:*:*", matchCriteriaId: "4C31FB79-990A-403F-8479-A531837C7A79", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.14:*:*:*:*:*:*:*", matchCriteriaId: "BBFE82DC-E7BF-440A-A91E-00E5E4613592", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.15:*:*:*:*:*:*:*", matchCriteriaId: "67411CD4-56F9-4300-BA76-87227EE5CB5C", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.16:*:*:*:*:*:*:*", matchCriteriaId: "B7AE39C3-77E7-4BF0-AEA7-186A12DDC965", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.17:*:*:*:*:*:*:*", matchCriteriaId: "C49169A3-E7D2-4A4F-8729-551CCB33452A", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.18:*:*:*:*:*:*:*", matchCriteriaId: "DFC7D4A9-9143-4055-BAA2-E6093B5ED085", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.19:*:*:*:*:*:*:*", matchCriteriaId: "280D0F29-9BBC-4F39-91D3-C26EBAEEFC4D", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.20:*:*:*:*:*:*:*", matchCriteriaId: "47E2D164-490D-40F2-925B-C1DF2D8905F7", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.21:*:*:*:*:*:*:*", matchCriteriaId: "17FA9D1F-22C3-4B66-89C9-68EF40D7B128", 
vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.22:*:*:*:*:*:*:*", matchCriteriaId: "294F7FEE-D8A0-4B6A-ACF4-539F558BAAF0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.23:*:*:*:*:*:*:*", matchCriteriaId: "DE63E91F-43C9-4878-8ABF-43D6FA243B6E", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.24:*:*:*:*:*:*:*", matchCriteriaId: "21E72112-DD6F-4F04-B7A6-32F4A3CD652C", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.25:*:*:*:*:*:*:*", matchCriteriaId: "0E46A71A-CC32-4FB9-B291-9D5213F2512B", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:5.3.26:*:*:*:*:*:*:*", matchCriteriaId: "86D2A710-4758-4B86-82C8-D3DDFD082935", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C717350D-43D2-41A4-9AA9-F8EA4F5480CD", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4FDD21BC-FD00-4CF5-B093-1E6E9DAC9613", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C68C2594-036C-40E0-BAC5-78945229746C", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "2917F59F-366B-434E-9CCB-1B734396932A", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "D1139A66-DE22-4D31-A17F-E0A7BB4111D0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "DC8B76AF-0BF0-4283-90B1-48D877CF69A9", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DDC98DF7-9441-4F7B-9B01-36A5F63BD401", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3BA095F4-1B52-40B2-ADFE-19699C2F9E6C", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", matchCriteriaId: 
"0BF91792-6CFF-4069-826D-E252CF9CFB84", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", matchCriteriaId: "41C9826B-C2E2-4A10-AC6F-CDFDBE837049", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", matchCriteriaId: "065C0602-8785-404F-8DD5-EC884F0AC372", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9BD90D01-091F-42BC-AC76-45A582873EDF", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9B920B4C-96A2-4341-8F19-8E08A583FEAE", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9E9E1371-6C7B-4E98-B34A-9D03C6636CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", matchCriteriaId: "148EFCE2-1EBA-4673-98D2-86095564B727", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*", matchCriteriaId: "1668AE14-D9A4-4B7D-BC3F-75885792875A", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9E0F3B9B-A06F-4A96-B2E7-9DC56E629182", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*", matchCriteriaId: "50F8AE97-A647-4A37-8EF2-BC0BBCC8EADD", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*", matchCriteriaId: "377A2F0B-2A58-4C2C-B546-3178B353484B", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*", matchCriteriaId: "20EBDFD4-45A0-47CC-817E-48E84F945402", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.5:*:*:*:*:*:*:*", matchCriteriaId: "8C9CDB2B-E454-4B91-9A47-615F31F1A3D5", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*", matchCriteriaId: "71148DC5-10A4-48C3-AD65-967F66B6078C", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*", matchCriteriaId: 
"6A08987A-D448-4E46-ACB5-DF38CDBDD55B", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*", matchCriteriaId: "C0A35CD0-765F-48BD-A450-E78F213518B0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*", matchCriteriaId: "F8492560-24C1-43B6-A420-068FA9E3C496", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.10:*:*:*:*:*:*:*", matchCriteriaId: "EE5A3D4C-EF73-4676-A5E3-4008E7AF068D", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.11:*:*:*:*:*:*:*", matchCriteriaId: "BE267898-AB2B-452E-B219-E0E6885DC5A9", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.12:*:*:*:*:*:*:*", matchCriteriaId: "6F223989-D906-4B0E-B54B-3D2639745837", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.4.13:*:*:*:*:*:*:*", matchCriteriaId: "E1DC5908-9E16-4D12-9F48-AE921ED0D8C1", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:*", matchCriteriaId: "9A3BE3F8-9157-461C-8E3A-ABFA728B7DB2", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.1:*:*:*:*:*:*:*", matchCriteriaId: "6C7AEE7B-AB79-462A-BEEF-6EEC558FB8C9", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.2:*:*:*:*:*:*:*", matchCriteriaId: "ADEC69D2-AA57-464C-B59E-585566CCFE34", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.3:*:*:*:*:*:*:*", matchCriteriaId: "521E94FB-8CB3-486B-A882-49F0ACBAC502", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.4:*:*:*:*:*:*:*", matchCriteriaId: "F29537A6-456D-41B4-94D6-2FBA9DA3CC2E", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.5:*:*:*:*:*:*:*", matchCriteriaId: "82AF3064-9B75-471E-9ADB-F55B64E453BB", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.6:*:*:*:*:*:*:*", matchCriteriaId: "BC71169D-0BF3-40BC-8460-A0906B1F21F1", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.7:*:*:*:*:*:*:*", matchCriteriaId: 
"4EC7B4D7-9F3A-43FC-930E-AC55E34A94EF", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.8:*:*:*:*:*:*:*", matchCriteriaId: "48B877ED-AF81-42B1-9E88-2CD4831C6D38", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.9:*:*:*:*:*:*:*", matchCriteriaId: "934A3FB3-97A1-4981-BB15-ABBFD273D79F", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.10:*:*:*:*:*:*:*", matchCriteriaId: "722B3D73-504E-40EB-B8FB-9F3D9A3B6DB7", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.11:*:*:*:*:*:*:*", matchCriteriaId: "CBBDD272-D412-4DF5-A823-76D0C0C036C5", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*", matchCriteriaId: "3794902F-7A0C-4EA3-B0E3-959D118ABE47", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.13:*:*:*:*:*:*:*", matchCriteriaId: "7EE0B7E1-0D61-48C2-ADDB-E009ACBEE084", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:5.6.14:*:*:*:*:*:*:*", matchCriteriaId: "01048DC4-07BB-4689-A7E8-F0CC4F50718D", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3907C1C9-EAEB-4287-82DA-06F242DEA639", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "52A0DB21-C876-4DD3-95ED-8BA0483F0BD4", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "20A322D8-C0F0-4F31-81F5-94A12B2B88F2", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "ABCB90C9-976A-4D85-A84D-A6970E9C11A6", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "92CA4075-BA53-415E-9348-C4D3F93A683C", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "363F14B5-66AC-4CA2-A11B-E1D70C307C69", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", matchCriteriaId: 
"2BF39DA1-D854-4540-B410-3ECD5A83E95A", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "C552DD33-EAC7-472E-9A1B-4BAF558D7DE6", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", matchCriteriaId: "59D90493-FB83-43F0-A576-C90AE7775313", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", matchCriteriaId: "03B8E997-3D10-48D2-8FCF-34B8A976A944", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", matchCriteriaId: "FA6AF1FA-A034-439A-876B-BFA1BE7DE15E", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", matchCriteriaId: "F54D5CC0-D4F4-4F8C-8CD9-A7456ED226F7", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", matchCriteriaId: "E76E7EE1-0B07-4B56-A069-AF3B5BBCB79E", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", matchCriteriaId: "532A62AB-40C5-4C12-8079-EABCA583DB97", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", matchCriteriaId: "64AC05A1-EF48-4282-BB3C-ED60E45CEEBD", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", matchCriteriaId: "72C437B7-75F8-4DDC-9670-19E2C21ACB27", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B468AF9F-1619-4399-A1A5-115C26FB01DA", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4929DC17-1B20-432D-AEDA-3B3213DC6022", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", matchCriteriaId: "2625D2C3-A5DE-446A-B551-825B2B24EE92", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", matchCriteriaId: "9694FC0C-408A-4892-ADD1-F36F4BBBD9EF", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", matchCriteriaId: 
"E8C5783F-CE5B-4B8F-AF7C-C182B3ED3EAD", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", matchCriteriaId: "2B8A132F-601F-4129-BFCA-3A976A711D5A", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", matchCriteriaId: "90600B14-07C4-455D-9FC1-17034D91B987", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", matchCriteriaId: "953B6278-878B-4B17-8AA2-641A0604F14A", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", matchCriteriaId: "4739957D-6605-4F88-AF5F-144598270928", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", matchCriteriaId: "AF22D78B-ED8E-42A1-8F0C-F4B52B084B60", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "1C6E45EB-4C8C-4777-9200-08B14595A3A7", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", matchCriteriaId: "9D114536-7169-4814-B011-570E3AD86A3D", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", matchCriteriaId: "B28478DA-8D10-4A8E-81EA-D3DF421E5089", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", matchCriteriaId: "4C423AC8-4AA2-426E-8F76-7E5B3CDF82BC", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", matchCriteriaId: "43906627-A03E-42EA-9923-DECBAE34A818", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", matchCriteriaId: "6E77E34E-9E3F-4022-9969-6DCEDAD1590A", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", matchCriteriaId: "C2F935F9-5B6A-47C2-8F65-7A1E8BB061FF", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", matchCriteriaId: "91C045DF-72E9-4B33-B990-6BA25EDA7209", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: 
"79FEE7F6-F72E-4A43-883C-0CF492DF355B", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "FBDFDF02-2136-4DE0-A19B-FE3654ED90A4", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "49D51C9F-CED3-4EA0-89EB-3A63F54B10E7", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "ADC427FF-F227-401D-8F41-8B3268D577CE", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "73DADA28-4371-4639-AB3D-BA82F365A337", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "04DB567F-A4D9-483F-83CB-8807EEF6FB07", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6FBADF2A-2C17-4D37-8315-3B003854AE77", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "EC2673E9-3227-4EAC-9ECD-6576A575F4A9", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4742E76F-3030-45F6-A54B-B337D3C6705B", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.6:*:*:*:*:*:*:*", matchCriteriaId: "056CF29E-1953-4B25-8247-E9A59F511890", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9D9CC045-D163-417F-B8AB-DC07352B81C9", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.8:*:*:*:*:*:*:*", matchCriteriaId: "962B9BAB-7414-4E6B-AF5D-F7BB0951229C", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.9:*:*:*:*:*:*:*", matchCriteriaId: "94283031-0C2F-46B3-BAFE-69900C5DB9CF", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.0.10:*:*:*:*:*:*:*", matchCriteriaId: 
"0EA67378-E9BC-4BAE-856D-FEDB42104406", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "8A4BEB4C-396B-44AB-8E27-357A650A5764", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.4.1:*:*:*:*:*:*:*", matchCriteriaId: "53DC5E3E-C08C-4491-9650-0781C4327225", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:6.4.2:*:*:*:*:*:*:*", matchCriteriaId: "484F6C79-3498-45E3-BF74-CF6075E7D31A", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "843F4434-651D-4A22-80C3-77397E059A98", versionEndIncluding: "6.0.7", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "549EE910-DAC4-45B7-AE45-6B6A786CD2F5", versionEndIncluding: "6.2.7", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "0A13E485-2362-4AC0-9B8E-41998257B31F", versionEndIncluding: "6.4.9", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "A44AA3D5-FE43-429E-B238-0954D83778A4", versionEndIncluding: "7.0.2", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento de enteros / 
wraparound [CWE-190] en FortiSwitch versiones 7.0.2 y anteriores, 6.4.9 y anteriores, 6.2.x, 6.0.x; FortiRecorder 6.4.2 y anteriores, 6.0.10 y anteriores; FortiOS 7.0.2 y anteriores, 6.4.8 y anteriores, 6.2.10 y anteriores, 6.0.x; FortiProxy 7.0.0, 2.0.6 y anteriores, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 y anteriores, 6.0.10 y anteriores, dhcpd daemon puede permitir a un atacante no autenticado y adyacente a la red bloquear el dhcpd daemon, resultando en una potencial denegación de servicio", }, ], id: "CVE-2021-42755", lastModified: "2024-11-21T06:28:06.293", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-18T17:15:08.413", references: [ { source: "psirt@fortinet.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-21-155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-21-155", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-20-045 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-20-045 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "6A0943A1-AE18-416D-BD0B-C519939E4F24", versionEndIncluding: "5.4.10", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "C5F9DD6A-23C9-44C2-AF8C-409EDB6ECCD1", versionEndIncluding: "6.0.7", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "08C73418-FAB3-477D-85F9-621874FBE8DA", versionEndIncluding: "6.2.2", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "28A42A3E-FBA6-4A68-AD2B-7CFFBDCF1E49", versionEndIncluding: "6.0.1", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEnterprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.", }, { lang: "es", value: "Una vulnerabilidad de autenticación inapropiada en FortiMail versiones 5.4.10, 6.0.7, 6.2.2 y anteriores y en FortiVoiceEnterprise versiones 6.0.0 y 6.0.1, puede permitir a un atacante remoto no autenticado acceder al sistema como usuario legítimo al solicitar un cambio de contraseña por medio de la interfaz de usuario.", }, ], id: "CVE-2020-9294", lastModified: "2024-11-21T05:40:22.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, 
obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T17:15:13.593", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-20-045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-20-045", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-259 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortimanager | * | |
fortinet | fortimanager | * | |
fortinet | fortimanager_cloud | * | |
fortinet | fortiproxy | * | |
fortinet | fortiproxy | * | |
fortinet | fortiproxy | * | |
fortinet | fortirecorder | * | |
fortinet | fortirecorder | * | |
fortinet | fortivoice | * | |
fortinet | fortivoice | * | |
fortinet | fortiweb | * | |
fortinet | fortiweb | 7.6.0 | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortios | 7.6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", matchCriteriaId: "7269FDB6-A1D4-4912-8751-87BA52614FDA", versionEndExcluding: "7.4.4", versionStartIncluding: "7.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", matchCriteriaId: "241A8930-4ADA-4380-AA42-F10B28487595", versionEndExcluding: "7.6.2", versionStartIncluding: "7.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC", versionEndExcluding: "7.4.4", versionStartIncluding: "7.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "32CFAF1E-358A-4F6D-96CB-D7229F0D9D74", versionEndExcluding: "7.0.19", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "C8B93C73-1E94-4854-8405-C3689860A74C", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "5B276403-CE85-445A-9E5D-BBFBD7AB7A68", versionEndExcluding: "7.4.6", versionStartIncluding: "7.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "CD60BA50-3F98-46BF-97E8-28AB207DE12A", versionEndExcluding: "7.0.5", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "C0B0D078-2F52-46B4-B9C0-162447828E1B", versionEndExcluding: "7.2.2", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "BBF1E214-4BC5-47E8-BF02-072D6D830BAF", versionEndIncluding: "6.4.10", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "5EEE0DFA-DE31-4D26-AC98-6BCED8F008DC", 
versionEndIncluding: "7.0.5", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", matchCriteriaId: "CDB9CE13-AAF4-418C-BA26-1A0D53C5C1C2", versionEndExcluding: "7.4.5", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*", matchCriteriaId: "28B43375-DA74-4C5F-BAEE-39F312EEF51F", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "FA0532A5-31F2-4A92-BF31-6003E28AC948", versionEndExcluding: "7.0.16", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "4D7D031B-221B-4738-AC83-4FB92A106528", versionEndExcluding: "7.2.10", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "A71AD879-997D-4787-A1E9-E4132AC521E2", versionEndExcluding: "7.4.5", versionStartIncluding: "7.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", matchCriteriaId: "44CE8EE3-D64A-49C8-87D7-C18B302F864A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to trigger an escalation of privilege via specially crafted packets.", }, { lang: "es", value: "Una limitación incorrecta de una ruta de acceso a un directorio restringido ('Path Traversal') en Fortinet FortiManager versiones 7.6.0 a 7.6.1, 7.4.1 a 
7.4.3, FortiOS versiones 7.6.0, 7.4.0 a 7.4.4, 7.2.5 a 7.2.9, 7.0.0 a 7.0.15, 6.4.0 a 6.4.15, FortiProxy 7.4.0 a 7.4.5, 7.2.0 a 7.2.11, 7.0.0 a 7.0.18, 2.0.0 a 2.0.14, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7, FortiManager Cloud versiones 7.4.1 hasta 7.4.3, FortiRecorder versiones 7.2.0 hasta 7.2.1, 7.0.0 hasta 7.0.4, FortiVoice versiones 7.0.0 hasta 7.0.4, 6.4.0 hasta 6.4.9, 6.0.0 hasta 6.0.12, FortiWeb 7.6.0, 7.4.0 hasta 7.4.4, 7.2.0 hasta 7.2.10, 7.0.0 hasta 7.0.10, 6.4.0 hasta 6.4.3 permite al atacante activar una escalada de privilegios a través de paquetes especialmente manipulados.", }, ], id: "CVE-2024-48884", lastModified: "2025-02-03T22:18:16.507", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-14T14:15:32.873", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "psirt@fortinet.com", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-21-173 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-21-173 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortiadc | * | |
fortinet | fortiadc | * | |
fortinet | fortianalyzer | * | |
fortinet | fortianalyzer | * | |
fortinet | fortimail | * | |
fortinet | fortimail | * | |
fortinet | fortimail | * | |
fortinet | fortimanager | * | |
fortinet | fortimanager | * | |
fortinet | fortindr | * | |
fortinet | fortios-6k7k | * | |
fortinet | fortios-6k7k | 6.4.2 | |
fortinet | fortios-6k7k | 6.4.6 | |
fortinet | fortiportal | * | |
fortinet | fortiproxy | * | |
fortinet | fortiproxy | 7.0.0 | |
fortinet | fortiproxy | 7.0.1 | |
fortinet | fortivoice | * | |
fortinet | fortivoice | * | |
fortinet | fortiweb | * | |
fortinet | fortiweb | 6.4.0 | |
fortinet | fortiweb | 6.4.1 | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortirecorder_firmware | * | |
fortinet | fortirecorder_firmware | * | |
fortinet | fortiswitch | * | |
fortinet | fortiswitch | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", matchCriteriaId: "D6DD5253-F76E-4799-BB45-79D7B7ACFFB1", versionEndIncluding: "6.1.5", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", matchCriteriaId: "075C4223-7586-4799-AFA8-7B578BD144B5", versionEndIncluding: "6.2.2", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "CF9AE101-566A-4460-AA97-18288BBD7639", versionEndIncluding: "6.4.7", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "CCEB8E5F-BBF2-4E6E-91C6-AA47E2CAD022", versionEndIncluding: "7.0.2", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "3E2DC5CE-ED48-48B7-8654-7B29A65A7454", versionEndIncluding: "6.2.7", versionStartIncluding: "5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "C0A5C345-7055-4F18-AE77-FF1DBE41AB89", versionEndIncluding: "6.4.6", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "43038EC9-6FD3-488C-8CA3-8B4A705C3E11", versionEndIncluding: "7.0.2", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", matchCriteriaId: "958C238F-B3DD-41A7-801D-0C39143A5E09", versionEndIncluding: "6.4.7", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", matchCriteriaId: "7C5772DB-7F52-479C-914D-778552395990", versionEndIncluding: "7.0.2", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", matchCriteriaId: "F49E4A60-2FA0-4298-BF2E-53C86AF21BEC", versionEndIncluding: 
"1.5.2", versionStartIncluding: "1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortios-6k7k:*:*:*:*:*:*:*:*", matchCriteriaId: "BEE493CA-7BE8-454A-82FD-11DB82D8FC3A", versionEndIncluding: "6.2.8", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortios-6k7k:6.4.2:*:*:*:*:*:*:*", matchCriteriaId: "59BD8EE9-6F94-4EA5-B22B-1B446A15F2A1", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortios-6k7k:6.4.6:*:*:*:*:*:*:*", matchCriteriaId: "50BDB150-8E02-427D-A9FC-C7C3C90F0584", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", matchCriteriaId: "9D4A0E2F-41C7-4AFB-AC6D-83E7B1A5FC70", versionEndIncluding: "6.0.10", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "CEBD9074-C3A5-437E-AC44-C41E4B001980", versionEndIncluding: "2.0.7", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D909C90B-E136-4E8E-B551-FE0369172C1E", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BBCB4E87-0AEC-487E-8FAD-E8F647DA21D5", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "70E9D9A8-EFF1-4ABE-A04D-FD983443DD3A", versionEndIncluding: "6.0.10", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "E8611A25-64A1-4BCE-AA46-E47DFD607CB2", versionEndIncluding: "6.4.4", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", matchCriteriaId: "1FEA2E8B-78B6-40AA-9201-BDF4838950CC", versionEndIncluding: "6.3.16", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "74A92A08-E6F6-4522-A6DA-061950AD3525", vulnerable: true, }, { criteria: 
"cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A6A3D2C4-C3FA-4E12-9156-DAFEA4E00BCC", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "BE1C5491-6C94-48A9-8D59-5162E576E54A", versionEndIncluding: "6.0.13", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "C4C0308D-8E52-456B-BFC2-62D4C1E9BDC3", versionEndIncluding: "6.2.9", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "D183D979-7F73-4D02-91B7-D0C93DE55A8F", versionEndIncluding: "6.4.7", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "F2E9D423-721A-482B-BA6B-52E4D8C07C58", versionEndIncluding: "7.0.2", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D3E33B56-1975-4B78-A157-E0EADB3BC1B7", versionEndIncluding: "6.0.10", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1CB7DEA7-E461-43B0-98EB-CE436DE87D98", versionEndIncluding: "6.4.2", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "C6E5A33E-F744-4CC0-ABA0-D1734845AFBB", versionEndIncluding: "6.4.9", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "BB3C99AC-DCA1-44A0-9671-F424109A6038", versionEndIncluding: "7.0.3", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local 
attacker to achieve arbitrary code execution via specially crafted command line arguments.", }, { lang: "es", value: "Un desbordamiento de búfer [CWE-121] en la biblioteca del cliente TFTP de FortiOS versiones anteriores a 6.4.7 y FortiOS versiones 7.0.0 hasta 7.0.2, puede permitir a un atacante local autenticado lograr una ejecución de código arbitrario por medio de argumentos de línea de comandos especialmente diseñados", }, ], id: "CVE-2021-42757", lastModified: "2024-11-21T06:28:06.653", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-08T11:15:11.840", references: [ { source: 
"psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-21-173", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-21-173", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-259 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortimanager | * | |
fortinet | fortimanager | * | |
fortinet | fortimanager_cloud | * | |
fortinet | fortiproxy | * | |
fortinet | fortiproxy | * | |
fortinet | fortiproxy | * | |
fortinet | fortirecorder | * | |
fortinet | fortirecorder | * | |
fortinet | fortivoice | * | |
fortinet | fortivoice | * | |
fortinet | fortiweb | * | |
fortinet | fortiweb | 7.6.0 | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortios | 7.6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", matchCriteriaId: "7269FDB6-A1D4-4912-8751-87BA52614FDA", versionEndExcluding: "7.4.4", versionStartIncluding: "7.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", matchCriteriaId: "241A8930-4ADA-4380-AA42-F10B28487595", versionEndExcluding: "7.6.2", versionStartIncluding: "7.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC", versionEndExcluding: "7.4.4", versionStartIncluding: "7.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "32CFAF1E-358A-4F6D-96CB-D7229F0D9D74", versionEndExcluding: "7.0.19", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "C8B93C73-1E94-4854-8405-C3689860A74C", versionEndExcluding: "7.2.12", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "5B276403-CE85-445A-9E5D-BBFBD7AB7A68", versionEndExcluding: "7.4.6", versionStartIncluding: "7.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "CD60BA50-3F98-46BF-97E8-28AB207DE12A", versionEndExcluding: "7.0.5", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "C0B0D078-2F52-46B4-B9C0-162447828E1B", versionEndExcluding: "7.2.2", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "BBF1E214-4BC5-47E8-BF02-072D6D830BAF", versionEndIncluding: "6.4.10", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "5EEE0DFA-DE31-4D26-AC98-6BCED8F008DC", 
versionEndIncluding: "7.0.5", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", matchCriteriaId: "CDB9CE13-AAF4-418C-BA26-1A0D53C5C1C2", versionEndExcluding: "7.4.5", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*", matchCriteriaId: "28B43375-DA74-4C5F-BAEE-39F312EEF51F", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "FA0532A5-31F2-4A92-BF31-6003E28AC948", versionEndExcluding: "7.0.16", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "4D7D031B-221B-4738-AC83-4FB92A106528", versionEndExcluding: "7.2.10", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "A71AD879-997D-4787-A1E9-E4132AC521E2", versionEndExcluding: "7.4.5", versionStartIncluding: "7.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", matchCriteriaId: "44CE8EE3-D64A-49C8-87D7-C18B302F864A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows an attacker to escalate privilege via specially crafted packets.", }, { lang: "es", value: "Una limitación incorrecta de una ruta de acceso a un directorio restringido (\"path traversal\") en Fortinet FortiRecorder versiones 7.2.0 a 7.2.1, 7.0.0 a 7.0.4, FortiWeb versiones 7.6.0, 7.4.0 a 7.4.4, 7.2.0 a 7.2.10, 7.0.0 a 7.0.10, 6.4.0 a 6.4.3, FortiVoice versiones 7.0.0 a 7.0.4, 6.4.0 a 
6.4.9, 6.0.0 a 6.0.12 permite a un atacante escalar privilegios a través de paquetes especialmente manipulados.", }, ], id: "CVE-2024-48885", lastModified: "2025-02-03T21:11:41.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-16T09:15:06.737", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "psirt@fortinet.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-219 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-23-219 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortivoice | * | |
fortinet | fortivoice | * | |
fortinet | fortivoice | 7.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "C0B44874-E530-40B9-92F5-03667CFB9F1C", versionEndIncluding: "6.0.12", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "A9743AEC-093F-47A0-BA8A-7E76308D0152", versionEndExcluding: "6.4.8", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BB44AB41-E006-489F-9C49-2DFA73EF01B2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEnterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests.", }, { lang: "es", value: "Una vulnerabilidad de limitación inadecuada de un nombre de ruta a un directorio restringido (\"Path traversal\") [CWE-22] en FortiVoiceEnterprise versión 7.0.0 y anteriores a 6.4.7 permite a un atacante autenticado leer archivos arbitrarios del sistema mediante el envío de solicitudes HTTP o HTTPS manipuladas.", }, ], id: "CVE-2023-37932", lastModified: "2024-11-21T08:12:29.797", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: 
"HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-10T18:15:45.570", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-23-219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-23-219", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "psirt@fortinet.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-304 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortivoice | * | |
fortinet | fortivoice | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "BC0CF97D-D86C-4D83-B787-1E251FE73995", versionEndExcluding: "6.4.10", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "C22B8401-8893-474D-AB9E-42C3F2EF79CE", versionEndExcluding: "7.0.5", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.", }, { lang: "es", value: "Una vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando del sistema operativo ('Inyección de comando del sistema operativo') [CWE-78] en Fortinet FortiVoice versión 7.0.0 a 7.0.4 y anteriores a 6.4.9 permite que un atacante privilegiado autenticado ejecute código o comandos no autorizados a través de solicitudes CLI manipuladas.", }, ], id: "CVE-2024-40587", lastModified: "2025-01-31T16:34:37.880", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: 
"UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-14T14:15:31.027", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-304", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@fortinet.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-038 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-038 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortiai | 1.1.0 | |
fortinet | fortiai | 1.5.3 | |
fortinet | fortimail | * | |
fortinet | fortimail | * | |
fortinet | fortimail | * | |
fortinet | fortimail | * | |
fortinet | fortindr | * | |
fortinet | fortindr | 7.1.0 | |
fortinet | fortirecorder | * | |
fortinet | fortirecorder | * | |
fortinet | fortirecorder | * | |
fortinet | fortirecorder | * | |
fortinet | fortivoice | * | |
fortinet | fortivoice | * | |
fortinet | fortiswitch | * | |
fortinet | fortiswitch | * | |
fortinet | fortiswitch | * | |
fortinet | fortiswitch | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiai:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "19BD18D1-18D4-4D01-BF20-63458D0B20DF", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiai:1.5.3:*:*:*:*:*:*:*", matchCriteriaId: "649E0260-0770-4D6A-A679-8862D7039A08", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "01F784BF-4F89-4938-9150-F911E3EB6CD0", versionEndIncluding: "6.0.12", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "AEDC7EE8-084C-4F9E-A510-E283FCDF9832", versionEndIncluding: "6.2.9", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "C0A5C345-7055-4F18-AE77-FF1DBE41AB89", versionEndIncluding: "6.4.6", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "3680FCC2-6397-4726-AA94-902C3831EDD1", versionEndIncluding: "7.0.3", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", matchCriteriaId: "7E091862-662E-40F0-9D53-6F9B898115BC", versionEndIncluding: "7.0.4", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "888692FD-3219-49D3-898C-F4EA84CCC6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "78EA72E6-DBA2-4E76-AF17-7AC63D542241", versionEndIncluding: "2.6.3", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "4A18D3F0-FED4-49D1-BD14-C57875D48190", versionEndIncluding: "2.7.7", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "BAED4521-DF4F-4CCA-82CE-9FAC7BC95391", 
versionEndIncluding: "6.0.11", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "C8252967-27EB-4596-A1BF-673DE66B77BF", versionEndIncluding: "6.4.2", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "D3AE050D-F16C-4FA4-B1F3-54708C8BDC4C", versionEndIncluding: "6.0.11", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "FCD41EBB-A032-40F1-85F9-E2640DD7F448", versionEndIncluding: "6.4.7", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "843F4434-651D-4A22-80C3-77397E059A98", versionEndIncluding: "6.0.7", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "549EE910-DAC4-45B7-AE45-6B6A786CD2F5", versionEndIncluding: "6.2.7", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "4EAE583E-5D26-4224-AB58-DC3E4A6EA505", versionEndIncluding: "6.4.10", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "2681D458-EE55-478D-92D1-C6BB7BB3BAC4", versionEndIncluding: "7.0.4", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands 
on the CLI via tricking an authenticated administrator to execute malicious GET requests.", }, { lang: "es", value: "Cross-Site Request Forgery (CSRF) en Fortinet FortiVoiceEnterprise versión 6.4.x, 6.0.x, FortiSwitch versión 7.0.0 a 7.0.4, 6.4.0 a 6.4.10, 6.2.0 a 6.2.7, 6.0.x , FortiMail versión 7.0.0 a 7.0.3, 6.4.0 a 6.4.6, 6.2.x, 6.0.x FortiRecorder versión 6.4.0 a 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR versión 1.xx permite que un atacante remoto no autenticado ejecute comandos en la CLI engañando a un administrador autenticado para que ejecute solicitudes GET maliciosas.", }, ], id: "CVE-2022-27488", lastModified: "2024-11-21T06:55:49.453", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-13T07:15:10.910", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-038", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-038", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: 
"psirt@fortinet.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2024-40587
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiVoice |
Version: 7.0.0 ≤ 7.0.4 Version: 6.4.0 ≤ 6.4.9 Version: 6.0.0 ≤ 6.0.12 cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40587", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:16:24.715853Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:54:17.369Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: 
"unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.9", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:40.739Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-304", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-304", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.5 or above \nPlease upgrade to FortiVoice version 6.4.10 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-40587", datePublished: "2025-01-14T14:09:40.739Z", dateReserved: "2024-07-05T11:55:50.010Z", dateUpdated: "2025-01-14T20:54:17.369Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2023-37932
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiVoice |
Version: 7.0.0 Version: 6.4.0 ≤ 6.4.7 Version: 6.0.0 ≤ 6.0.12 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:23:27.749Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-219", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-23-219", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { status: "affected", version: "7.0.0", }, { lessThanOrEqual: "6.4.7", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Information disclosure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-10T17:48:00.502Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-219", url: "https://fortiguard.com/psirt/FG-IR-23-219", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiVoice version 7.0.1 or above \nPlease upgrade to FortiVoice version 6.4.8 or above \n", }, ], }, }, cveMetadata: { assignerOrgId: 
"6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-37932", datePublished: "2024-01-10T17:48:00.502Z", dateReserved: "2023-07-11T08:16:54.092Z", dateUpdated: "2024-08-02T17:23:27.749Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23439
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
▼ | Fortinet | FortiTester |
Version: 7.2.0 ≤ 7.2.1 Version: 7.1.0 ≤ 7.1.1 Version: 7.0.0 Version: 4.2.0 ≤ 4.2.1 Version: 4.1.0 ≤ 4.1.1 Version: 4.0.0 Version: 3.9.0 ≤ 3.9.2 Version: 3.8.0 Version: 3.7.0 ≤ 3.7.1 Version: 3.6.0 Version: 3.5.0 ≤ 3.5.1 Version: 3.4.0 Version: 3.3.0 ≤ 3.3.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-23439", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T14:21:27.552014Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T14:21:36.714Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [], defaultStatus: "unaffected", product: "FortiTester", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.1", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.1.1", status: "affected", version: "7.1.0", versionType: "semver", }, { status: "affected", version: "7.0.0", }, { lessThanOrEqual: "4.2.1", status: "affected", version: "4.2.0", versionType: "semver", }, { lessThanOrEqual: "4.1.1", status: "affected", version: "4.1.0", versionType: "semver", }, { status: "affected", version: "4.0.0", }, { lessThanOrEqual: "3.9.2", status: "affected", version: "3.9.0", versionType: "semver", }, { status: "affected", version: "3.8.0", }, { lessThanOrEqual: "3.7.1", status: "affected", version: "3.7.0", versionType: "semver", }, { status: "affected", version: "3.6.0", }, { lessThanOrEqual: "3.5.1", status: "affected", version: "3.5.0", versionType: "semver", }, { status: "affected", version: "3.4.0", }, { lessThanOrEqual: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.2.0", }, { lessThanOrEqual: "7.0.5", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.16", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.18", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThan: "6.4.*", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiMail", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.3", status: "affected", version: "7.0.0", versionType: 
"semver", }, { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.9", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "5.4.12", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThan: "7.2.*", status: "affected", version: "7.2.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSwitch", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.10", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.8", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.7", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiDDoS-F", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.3.3", status: "affected", version: "6.3.0", versionType: "semver", }, { lessThanOrEqual: "6.2.3", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.5", status: "affected", version: "6.1.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", 
status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.14", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.2.13", status: "affected", version: "1.2.0", versionType: "semver", }, { lessThanOrEqual: "1.1.6", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.7", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiRecorder", vendor: "Fortinet", versions: [ { 
lessThanOrEqual: "6.4.2", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.10", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "2.7.7", status: "affected", version: "2.7.0", versionType: "semver", }, { lessThanOrEqual: "2.6.3", status: "affected", version: "2.6.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiNDR", vendor: "Fortinet", versions: [ { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.1.0", }, { lessThanOrEqual: "7.0.6", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.3", status: "affected", version: "1.5.0", versionType: "semver", }, { status: "affected", version: "1.4.0", }, { lessThanOrEqual: "1.3.1", status: "affected", version: "1.3.0", versionType: "semver", }, { status: "affected", version: "1.2.0", }, { status: "affected", version: "1.1.0", }, ], }, { cpes: [ "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*", 
"cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiADC", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.2.3", status: "affected", version: "6.2.0", versionType: "semver", 
}, { lessThanOrEqual: "6.1.6", status: "affected", version: "6.1.0", versionType: "semver", }, { lessThanOrEqual: "6.0.4", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "5.4.5", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.7", status: "affected", version: "5.3.0", versionType: "semver", }, { lessThanOrEqual: "5.2.8", status: "affected", version: "5.2.0", versionType: "semver", }, { lessThanOrEqual: "5.1.7", status: "affected", version: "5.1.0", versionType: "semver", }, { lessThanOrEqual: "5.0.4", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", 
status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSOAR", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.2", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.3", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.4", status: "affected", version: "6.4.3", versionType: "semver", }, { lessThanOrEqual: "6.4.1", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.11", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiDDoS", vendor: "Fortinet", versions: [ { 
lessThanOrEqual: "5.5.1", status: "affected", version: "5.5.0", versionType: "semver", }, { lessThanOrEqual: "5.4.3", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.2", status: "affected", version: "5.3.0", versionType: "semver", }, { status: "affected", version: "5.2.0", }, { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.0.0", }, { status: "affected", version: "4.7.0", }, { status: "affected", version: "4.6.0", }, { status: "affected", version: "4.5.0", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiWLC", vendor: "Fortinet", versions: [ { lessThanOrEqual: "8.6.7", status: "affected", version: "8.6.0", versionType: "semver", }, { lessThanOrEqual: "8.5.5", status: "affected", version: "8.5.0", versionType: "semver", }, { lessThanOrEqual: "8.4.8", status: "affected", version: 
"8.4.4", versionType: "semver", }, { lessThanOrEqual: "8.4.2", status: "affected", version: "8.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: 
"unaffected", product: "FortiPortal", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.0.9", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAuthenticator", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.4.1", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.3.3", status: "affected", version: "6.3.0", versionType: "semver", }, { lessThanOrEqual: "6.2.2", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.3", status: "affected", version: "6.1.0", versionType: "semver", }, { lessThanOrEqual: "6.0.8", status: "affected", version: "6.0.0", versionType: "semver", }, { status: "affected", version: "5.5.0", }, { lessThanOrEqual: "5.4.1", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.1", status: "affected", version: "5.3.0", versionType: "semver", }, { lessThanOrEqual: "5.2.2", status: "affected", version: "5.2.0", versionType: "semver", }, { lessThanOrEqual: "5.1.2", status: "affected", version: "5.1.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before 
version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-610", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-22T09:10:28.669Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-21-254", url: "https://fortiguard.com/psirt/FG-IR-21-254", }, ], solutions: [ { lang: "en", value: "FortiOS\nAdministrative Interface\nPlease upgrade to FortiOS version 7.0.6 and above,\nPlease upgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n set server-hostname Server hostname for HTTPS. 
When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nPlease upgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter interface (port 8008)\nPlease upgrade to FortiProxy version 7.4.0 or above\n\nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.11 or above \nPlease upgrade to FortiNDR version 7.4.0 or above\n\nFortiNDR\nPlease upgrade to FortiNDR version 7.2.1 or above\nPlease upgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set https-redirect-host \"Administrative host for HTTP and HTTPs. 
When set, will be used in lieu of the client's Host header for any redirection\"\nend\n\nFortiADC\nPlease upgrade to FortiADC version 7.1.0 or above\nPlease upgrade to FortiADC version 7.0.2 or above\nPlease upgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n config system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nFortiDDOS-F\nPlease upgrade to FortiDDoS-F version 6.4.0 or above\nPlease upgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n config system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\" \n\nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiVoice version 7.0.2 or above\nPlease upgrade to FortiVoice version 6.4.9 or above\nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiWLC version 8.6.7 or above \nPlease upgrade to FortiAuthenticator version 6.4.2 or above \nPlease upgrade to FortiAuthenticator version 6.3.4 or above \nPlease upgrade to FortiDDoS version 5.6.0 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiSOAR version 7.3.0 or above \nPlease upgrade to FortiTester version 7.3.0 or above \nPlease upgrade to FortiTester version 7.2.2 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-23439", datePublished: "2025-01-22T09:10:28.669Z", dateReserved: "2022-01-19T07:38:03.512Z", dateUpdated: "2025-01-22T14:21:36.714Z", state: 
"PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42755
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/psirt/FG-IR-21-155 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy | Version: FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:38:50.211Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-21-155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below", }, ], }, ], descriptions: [ { lang: "en", value: "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "FUNCTIONAL", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2022-07-18T16:35:20", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/psirt/FG-IR-21-155", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2021-42755", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy", version: { version_data: [ { version_value: "FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below", }, ], }, }, ], }, vendor_name: "Fortinet", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.", }, ], }, impact: { cvss: { attackComplexity: "Low", attackVector: "Adjacent", availabilityImpact: "Low", baseScore: 4.2, baseSeverity: "Medium", confidentialityImpact: "None", integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", userInteraction: "None", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of service", }, ], }, ], }, references: { reference_data: [ { name: 
"https://fortiguard.com/psirt/FG-IR-21-155", refsource: "CONFIRM", url: "https://fortiguard.com/psirt/FG-IR-21-155", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2021-42755", datePublished: "2022-07-18T16:35:20", dateReserved: "2021-10-20T00:00:00", dateUpdated: "2024-08-04T03:38:50.211Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27488
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiVoice | Version: 6.4.0 through 6.4.7; Version: 6.0.0 through 6.0.11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:57.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-038", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-038", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.4.7", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.11", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "FortiRecorder", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.4.2", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.11", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "2.7.7", status: "affected", version: "2.7.0", versionType: "semver", }, { lessThanOrEqual: "2.6.3", status: "affected", version: "2.6.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "FortiSwitch", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.10", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.8", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.7", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "FortiNDR", vendor: "Fortinet", versions: [ { status: "affected", version: "7.1.0", }, { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.3", status: "affected", version: "1.5.0", versionType: "semver", }, { status: "affected", version: "1.4.0", }, { lessThanOrEqual: "1.3.1", status: "affected", version: "1.3.0", versionType: 
"semver", }, { status: "affected", version: "1.2.0", }, { status: "affected", version: "1.1.0", }, ], }, { defaultStatus: "unaffected", product: "FortiMail", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.3", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.6", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.9", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-13T06:39:42.998Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-038", url: "https://fortiguard.com/psirt/FG-IR-22-038", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiVoice version 7.0.0 or above \nPlease 
upgrade to FortiVoice version 6.4.8 or above \nPlease upgrade to FortiVoice version 6.0.12 or above \nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.12 or above \nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiNDR version 7.2.0 or above \nPlease upgrade to FortiNDR version 7.1.1 or above \nPlease upgrade to FortiNDR version 7.0.5 or above \nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiMail version 6.4.7 or above \n", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-27488", datePublished: "2023-12-13T06:39:42.998Z", dateReserved: "2022-03-21T16:03:48.575Z", dateUpdated: "2024-08-03T05:32:57.924Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-9294
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/psirt/FG-IR-20-045 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Fortinet | FortiMail | Version: 5.4.10 Version: 6.0.7 Version: 6.2.2 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:26:16.032Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-20-045", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FortiMail", vendor: "Fortinet", versions: [ { status: "affected", version: "5.4.10", }, { status: "affected", version: "6.0.7", }, { status: "affected", version: "6.2.2 and earlier", }, ], }, { product: "FortiVoiceEnterprise", vendor: "Fortinet", versions: [ { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Access Control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-27T16:20:22", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/psirt/FG-IR-20-045", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2020-9294", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "FortiMail", version: { version_data: [ { version_value: "5.4.10", }, { version_value: "6.0.7", }, { version_value: "6.2.2 and earlier", }, ], }, }, { product_name: "FortiVoiceEnterprise", version: { version_data: [ { version_value: "6.0.0", }, { version_value: "6.0.1", }, ], }, }, ], }, vendor_name: "Fortinet", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: 
"An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/psirt/FG-IR-20-045", refsource: "CONFIRM", url: "https://fortiguard.com/psirt/FG-IR-20-045", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2020-9294", datePublished: "2020-04-27T16:20:22", dateReserved: "2020-02-19T00:00:00", dateUpdated: "2024-08-04T10:26:16.032Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37931
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiVoice | Version: 7.0.0 ≤ 7.0.1 Version: 6.4.0 ≤ 6.4.8 Version: 6.0.0 ≤ 6.0.12 cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-37931", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T14:20:56.927727Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T21:35:20.264Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.8", status: "affected", 
version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:10:00.867Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-220", url: "https://fortiguard.com/psirt/FG-IR-23-220", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-37931", datePublished: "2025-01-14T14:10:00.867Z", dateReserved: "2023-07-11T08:16:54.092Z", dateUpdated: "2025-02-18T21:35:20.264Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48884
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiManager | Version: 7.6.0 ≤ 7.6.1 Version: 7.4.1 ≤ 7.4.3 cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48884", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:17:58.698254Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:55:28.999Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.6.1", status: "affected", version: "7.6.0", versionType: "semver", }, { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.1", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.6.0", }, { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.15", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: 
"semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.5", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.11", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.18", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.14", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.2.13", status: "affected", version: "1.2.0", versionType: "semver", }, { lessThanOrEqual: "1.1.6", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.7", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Escalation of privilege", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-16T16:15:35.420Z", orgId: 
"6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiRecorder version 7.2.2 or above \nPlease upgrade to FortiRecorder version 7.0.5 or above \nPlease upgrade to FortiProxy version 7.4.6 or above \nPlease upgrade to FortiProxy version 7.2.12 or above \nPlease upgrade to FortiProxy version 7.0.19 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.5 or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.10 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.5 or above \nPlease upgrade to FortiVoice version 6.4.10 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-48884", datePublished: "2025-01-14T14:09:26.476Z", dateReserved: "2024-10-09T09:03:09.960Z", dateUpdated: "2025-01-16T16:15:35.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40720
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiVoice | Version: 7.0.0 ≤ 7.0.1 Version: 6.4.0 ≤ 6.4.8 Version: 6.0.0 ≤ 6.0.12 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortivoice", vendor: "fortinet", versions: [ { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortivoice", vendor: "fortinet", versions: [ { lessThan: "6.1.0", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortivoice", vendor: "fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-40720", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T18:45:02.788040Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T20:43:50.771Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T18:38:51.211Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-282", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-23-282", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An authorization bypass through 
user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-14T16:19:12.993Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-282", url: "https://fortiguard.com/psirt/FG-IR-23-282", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \n", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-40720", datePublished: "2024-05-14T16:19:12.993Z", dateReserved: "2023-08-21T09:03:44.316Z", dateUpdated: "2024-08-02T18:38:51.211Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42757
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/advisory/FG-IR-21-173 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiOS | Version: FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:38:50.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/advisory/FG-IR-21-173", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Fortinet FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "PROOF_OF_CONCEPT", integrityImpact: "HIGH", privilegesRequired: "HIGH", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-08T11:01:11", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/advisory/FG-IR-21-173", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2021-42757", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Fortinet FortiOS", version: { version_data: [ { version_value: "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2", }, ], }, }, ], }, 
vendor_name: "Fortinet", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.", }, ], }, impact: { cvss: { attackComplexity: "Low", attackVector: "Local", availabilityImpact: "High", baseScore: 6.3, baseSeverity: "Medium", confidentialityImpact: "High", integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", userInteraction: "None", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Execute unauthorized code or commands", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/advisory/FG-IR-21-173", refsource: "CONFIRM", url: "https://fortiguard.com/advisory/FG-IR-21-173", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2021-42757", datePublished: "2021-12-08T11:01:11", dateReserved: "2021-10-20T00:00:00", dateUpdated: "2024-08-04T03:38:50.116Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48885
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiRecorder | Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.4 cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48885", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-16T14:15:57.157206Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-16T14:16:29.431Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiRecorder", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.1", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiWeb", vendor: "Fortinet", versions: [ { status: "affected", version: "7.6.0", }, { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.10", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.10", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.3", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.9", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows 
attacker to escalate privilege via specially crafted packets.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Escalation of privilege", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-16T09:01:52.958Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiRecorder version 7.2.2 or above \nPlease upgrade to FortiRecorder version 7.0.5 or above \nPlease upgrade to FortiProxy version 7.4.6 or above \nPlease upgrade to FortiProxy version 7.2.12 or above \nPlease upgrade to FortiProxy version 7.0.19 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.5 or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.10 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.5 or above \nPlease upgrade to FortiVoice version 6.4.10 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", 
cveId: "CVE-2024-48885", datePublished: "2025-01-16T09:01:52.958Z", dateReserved: "2024-10-09T09:03:09.960Z", dateUpdated: "2025-01-16T14:16:29.431Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202401-2636
Vulnerability from variot
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEnterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system by sending crafted HTTP or HTTPS requests.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-2636", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.12", }, { model: "fortivoice", scope: "lt", trust: 1, vendor: "fortinet", version: "6.4.8", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: 
"fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, ], sources: [ { db: "NVD", id: "CVE-2023-37932", }, ], }, cve: "CVE-2023-37932", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2023-37932", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-37932", trust: 1, value: "MEDIUM", }, { author: "psirt@fortinet.com", id: "CVE-2023-37932", trust: 1, value: "MEDIUM", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-37932", }, { db: "NVD", id: "CVE-2023-37932", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via 
sending crafted HTTP or HTTPS requests", sources: [ { db: "NVD", id: "CVE-2023-37932", }, ], trust: 1, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-37932", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-37932", }, ], }, id: "VAR-202401-2636", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.26984128, }, last_update_date: "2024-08-14T15:20:39.761000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-22", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-37932", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1, url: "https://fortiguard.com/psirt/fg-ir-23-219", }, ], sources: [ { db: "NVD", id: "CVE-2023-37932", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "NVD", id: "CVE-2023-37932", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-01-10T18:15:45.570000", db: "NVD", id: "CVE-2023-37932", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: 
"2024-01-18T15:50:39.943000", db: "NVD", id: "CVE-2023-37932", }, ], }, }
var-202207-0115
Vulnerability from variot
An integer overflow / wraparound vulnerability [CWE-190] in the dhcpd daemon of FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below may allow an unauthenticated, network-adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service. Multiple Fortinet products contain an integer overflow vulnerability. Affected products may be put into a denial-of-service (DoS) state.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0115", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.0", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.5", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.13", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.10", }, { model: "fortios", 
scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.6", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.8", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.8", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.6", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.17", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.6", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.1", }, { model: "fortiproxy", scope: "lte", trust: 1, vendor: "fortinet", version: "2.0.6", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.3", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.4", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.10", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.26", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.9", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.15", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.12", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.14", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.7", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.3", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.12", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.20", }, { model: "fortivoice", scope: "eq", 
trust: 1, vendor: "fortinet", version: "6.4.3", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.7", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.4", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.1", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.21", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.13", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.4", }, { model: "fortiproxy", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.5", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.13", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.1", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.11", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.11", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.3", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.6", }, { model: "fortiproxy", scope: "gte", trust: 1, vendor: "fortinet", version: "2.0.0", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.22", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.23", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.12", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.1", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortios", scope: "eq", trust: 1, 
vendor: "fortinet", version: "6.4.0", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.8", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.5", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.6", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.10", }, { model: "fortiproxy", scope: "gte", trust: 1, vendor: "fortinet", version: "1.1.0", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.1", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.8", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.10", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.16", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.3", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.10", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.4", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.1", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.7", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.25", }, { model: "fortiproxy", scope: "lte", trust: 1, vendor: "fortinet", version: "1.0.7", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.1", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.24", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.14", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.7", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.10", }, { model: "fortios", scope: "eq", trust: 1, 
vendor: "fortinet", version: "6.4.3", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "6.2.0", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.1", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.5", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.4", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.1", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.5", }, { model: "fortiproxy", scope: "lte", trust: 1, vendor: "fortinet", version: "1.1.6", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.6", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.0", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.3", }, { model: "fortiproxy", scope: "gte", trust: 1, vendor: "fortinet", version: "1.0.0", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.13", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.5", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.8", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.9", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.9", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.8", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.1", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.9", }, { model: "fortios", scope: "eq", trust: 1, vendor: 
"fortinet", version: "5.6.5", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.10", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.0", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.9", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.19", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.7", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.0", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.7", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.6", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.7", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.11", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.18", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.4", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.7", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.14", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.12", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortiproxy", scope: "gte", trust: 1, vendor: "fortinet", version: "1.2.0", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.1", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", 
version: "6.0.0", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.3", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.8", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.9", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "5.3.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.11", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.7", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.4", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.9", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.4", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.5", }, { model: "fortiproxy", scope: "lte", trust: 1, vendor: "fortinet", version: "1.2.13", }, { model: "fortirecorder", scope: "eq", trust: 1, vendor: "fortinet", version: "6.0.2", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.7", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.6.3", }, { model: "fortios", scope: "eq", trust: 1, vendor: "fortinet", version: "5.4.6", }, { model: "fortirecorder", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortios", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortivoice", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiswitch", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiproxy", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, 
], sources: [ { db: "JVNDB", id: "JVNDB-2022-015239", }, { db: "NVD", id: "CVE-2021-42755", }, ], }, cve: "CVE-2021-42755", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-42755", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "OTHER", availabilityImpact: "Low", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2022-015239", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-42755", trust: 1, value: "MEDIUM", }, { author: "psirt@fortinet.com", id: "CVE-2021-42755", trust: 1, value: "MEDIUM", }, { author: "OTHER", id: "JVNDB-2022-015239", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202207-378", trust: 0.6, value: 
"MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-015239", }, { db: "CNNVD", id: "CNNVD-202207-378", }, { db: "NVD", id: "CVE-2021-42755", }, { db: "NVD", id: "CVE-2021-42755", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service. plural Fortinet The product contains an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2021-42755", }, { db: "JVNDB", id: "JVNDB-2022-015239", }, { db: "VULHUB", id: "VHN-403817", }, { db: "VULMON", id: "CVE-2021-42755", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-42755", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2022-015239", trust: 0.8, }, { db: "CS-HELP", id: "SB2022070520", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2022.3308", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202207-378", trust: 0.6, }, { db: "VULHUB", id: "VHN-403817", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-42755", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-403817", }, { db: "VULMON", id: "CVE-2021-42755", }, { db: "JVNDB", id: "JVNDB-2022-015239", }, { db: "CNNVD", id: "CNNVD-202207-378", }, { db: "NVD", 
id: "CVE-2021-42755", }, ], }, id: "VAR-202207-0115", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-403817", }, ], trust: 0.36984128000000005, }, last_update_date: "2024-08-14T14:02:31.490000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-21-155", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-21-155", }, { title: "Fortinet FortiVoice Enter the fix for the verification error vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198709", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-015239", }, { db: "CNNVD", id: "CNNVD-202207-378", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-190", trust: 1.1, }, { problemtype: "Integer overflow or wraparound (CWE-190) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-403817", }, { db: "JVNDB", id: "JVNDB-2022-015239", }, { db: "NVD", id: "CVE-2021-42755", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://fortiguard.com/psirt/fg-ir-21-155", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42755", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022070520", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.3308", }, { trust: 0.6, url: 
"https://cxsecurity.com/cveshow/cve-2021-42755/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/fortinet-fortios-integer-overflow-via-dhcpd-38738", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULHUB", id: "VHN-403817", }, { db: "VULMON", id: "CVE-2021-42755", }, { db: "JVNDB", id: "JVNDB-2022-015239", }, { db: "CNNVD", id: "CNNVD-202207-378", }, { db: "NVD", id: "CVE-2021-42755", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-403817", }, { db: "VULMON", id: "CVE-2021-42755", }, { db: "JVNDB", id: "JVNDB-2022-015239", }, { db: "CNNVD", id: "CNNVD-202207-378", }, { db: "NVD", id: "CVE-2021-42755", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-07-18T00:00:00", db: "VULHUB", id: "VHN-403817", }, { date: "2022-07-18T00:00:00", db: "VULMON", id: "CVE-2021-42755", }, { date: "2023-09-26T00:00:00", db: "JVNDB", id: "JVNDB-2022-015239", }, { date: "2022-07-05T00:00:00", db: "CNNVD", id: "CNNVD-202207-378", }, { date: "2022-07-18T17:15:08.413000", db: "NVD", id: "CVE-2021-42755", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-07-25T00:00:00", db: "VULHUB", id: "VHN-403817", }, { date: "2022-07-18T00:00:00", db: "VULMON", id: "CVE-2021-42755", }, { date: "2023-09-26T02:13:00", db: "JVNDB", id: "JVNDB-2022-015239", }, { date: "2022-07-29T00:00:00", db: "CNNVD", id: "CNNVD-202207-378", }, { date: "2024-01-18T15:48:06.043000", db: "NVD", id: "CVE-2021-42755", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { 
db: "CNNVD", id: "CNNVD-202207-378", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Fortinet Integer overflow vulnerability in product", sources: [ { db: "JVNDB", id: "JVNDB-2022-015239", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-202207-378", }, ], trust: 0.6, }, }
var-202312-1940
Vulnerability from variot
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x, FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI by tricking an authenticated administrator into executing malicious GET requests. A cross-site request forgery vulnerability exists in multiple Fortinet products, including FortiAI firmware, FortiMail and FortiNDR. Information may be obtained or tampered with, and affected products may be put into a denial-of-service (DoS) state.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-1940", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.3", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.6", }, { model: "fortirecorder", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.2", }, { model: 
"fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.7", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortindr", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.4", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.12", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortiai", scope: "eq", trust: 1, vendor: "fortinet", version: "1.1.0", }, { model: "fortirecorder", scope: "gte", trust: 1, vendor: "fortinet", version: "2.7.0", }, { model: "fortindr", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.4", }, { model: "fortiai", scope: "eq", trust: 1, vendor: "fortinet", version: "1.5.3", }, { model: "fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.11", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortirecorder", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.11", }, { model: "fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortirecorder", scope: "lte", trust: 1, vendor: "fortinet", version: "2.7.7", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.10", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "6.2.0", }, { model: "fortirecorder", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.9", }, { model: "fortirecorder", scope: "lte", trust: 1, vendor: "fortinet", version: "2.6.3", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortimail", scope: "gte", trust: 1, vendor: 
"fortinet", version: "7.0.0", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.7", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.7", }, { model: "fortirecorder", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "6.2.0", }, { model: "fortindr", scope: "eq", trust: 1, vendor: "fortinet", version: "7.1.0", }, { model: "fortirecorder", scope: "gte", trust: 1, vendor: "fortinet", version: "2.6.0", }, { model: "fortiswitch", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "6.2.0 to 6.2.7", }, { model: "fortiswitch", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0 to 7.0.4", }, { model: "fortindr", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortirecorder", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiswitch", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "6.0.0 to 6.0.7", }, { model: "fortimail", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiswitch", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "6.4.0 to 6.4.10", }, { model: "fortivoice", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiai", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-024746", }, { db: "NVD", id: "CVE-2022-27488", }, ], }, cve: "CVE-2022-27488", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-27488", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "psirt@fortinet.com", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-27488", impactScore: 5.5, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-27488", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-27488", trust: 1, value: "HIGH", }, { author: "psirt@fortinet.com", id: "CVE-2022-27488", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-27488", trust: 0.8, value: "High", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-024746", }, { db: "NVD", id: "CVE-2022-27488", }, { db: "NVD", id: "CVE-2022-27488", }, ], }, description: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests. FortiAI firmware, FortiMail , FortiNDR A cross-site request forgery vulnerability exists in multiple Fortinet products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-27488", }, { db: "JVNDB", id: "JVNDB-2022-024746", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-27488", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2022-024746", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-024746", }, { db: "NVD", id: "CVE-2022-27488", }, ], }, id: "VAR-202312-1940", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.26984128, }, last_update_date: "2024-08-14T13:41:21.392000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, 
}, data: [ { title: "FG-IR-22-038", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-22-038", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-024746", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1, }, { problemtype: "Cross-site request forgery (CWE-352) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-024746", }, { db: "NVD", id: "CVE-2022-27488", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1, url: "https://fortiguard.com/psirt/fg-ir-22-038", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-27488", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-024746", }, { db: "NVD", id: "CVE-2022-27488", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2022-024746", }, { db: "NVD", id: "CVE-2022-27488", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-01-16T00:00:00", db: "JVNDB", id: "JVNDB-2022-024746", }, { date: "2023-12-13T07:15:10.910000", db: "NVD", id: "CVE-2022-27488", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-01-16T07:06:00", db: "JVNDB", id: "JVNDB-2022-024746", }, { date: "2024-01-18T15:48:06.043000", db: "NVD", id: "CVE-2022-27488", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cross-site request forgery vulnerability in multiple Fortinet products", sources: [ { db: "JVNDB", id: "JVNDB-2022-024746", }, ], trust: 0.8, }, }
var-202004-1869
Vulnerability from variot
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. An authentication vulnerability exists in FortiMail and FortiVoiceEntreprise. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiMail and FortiVoice Entreprise are both products of Fortinet. FortiMail is a suite of email security gateway products. The product provides features such as email security and data protection. FortiVoice Entreprise is an enterprise unified communications solution. A security vulnerability exists in Fortinet FortiMail and FortiVoice Entreprise due to the program not properly authenticating identities. The following products and versions are affected: Fortinet FortiMail 5.4.10 and earlier, FortiMail 6.0.7 and earlier, FortiMail 6.2.2 and earlier; FortiVoice Entreprise 5.3 and later (fixed in version 6.0.2). The aggregated source descriptions differ on the affected FortiVoice range (6.0.0 and 6.0.1 versus 5.3 and later), so confirm the affected and fixed releases against the vendor advisory FG-IR-20-045 before scoping remediation.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1869", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.1", }, { model: "fortimail", scope: 
"lte", trust: 1, vendor: "fortinet", version: "6.2.2", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "6.2.0", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "5.4.10", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.7", }, { model: "fortimail", scope: "eq", trust: 0.8, vendor: "fortinet", version: "5.4.10", }, { model: "fortimail", scope: "eq", trust: 0.8, vendor: "fortinet", version: "6.0.7", }, { model: "fortimail", scope: "eq", trust: 0.8, vendor: "fortinet", version: "6.2.2", }, { model: "fortivoice", scope: "eq", trust: 0.8, vendor: "fortinet", version: "6.0.0", }, { model: "fortivoice", scope: "eq", trust: 0.8, vendor: "fortinet", version: "6.0.1", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-004913", }, { db: "NVD", id: "CVE-2020-9294", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:fortinet:fortimail", vulnerable: true, }, { cpe22Uri: "cpe:/a:fortinet:fortivoice", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-004913", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Mike Connor", sources: [ { db: "CNNVD", id: "CNNVD-202004-2193", }, ], trust: 0.6, }, cve: "CVE-2020-9294", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2020-9294", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-004913", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-187419", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2020-9294", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-004913", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-9294", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-004913", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202004-2193", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-187419", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-9294", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-187419", }, { db: "VULMON", id: "CVE-2020-9294", }, { db: "JVNDB", id: "JVNDB-2020-004913", }, { db: "CNNVD", id: "CNNVD-202004-2193", }, { db: "NVD", id: "CVE-2020-9294", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. FortiMail and FortiVoiceEntreprise There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiMail and FortiVoice Entreprise are both products of Fortinet. FortiMail is a suite of email security gateway products. The product provides features such as email security and data protection. 
FortiVoice Entreprise is an enterprise unified communications solution. A security vulnerability exists in Fortinet FortiMail and FortiVoice Entreprise due to the program not properly authenticating identities. The following products and versions are affected: Fortinet FortiMail 5.4.10 and earlier, FortiMail 6.0.7 and earlier, FortiMail 6.2.2 and earlier; FortiVoice Entreprise 5.3 and later (version 6.0.2 has been fixed)", sources: [ { db: "NVD", id: "CVE-2020-9294", }, { db: "JVNDB", id: "JVNDB-2020-004913", }, { db: "VULHUB", id: "VHN-187419", }, { db: "VULMON", id: "CVE-2020-9294", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-9294", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2020-004913", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-2193", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2020.1454", trust: 0.6, }, { db: "CNVD", id: "CNVD-2020-32434", trust: 0.1, }, { db: "VULHUB", id: "VHN-187419", trust: 0.1, }, { db: "VULMON", id: "CVE-2020-9294", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-187419", }, { db: "VULMON", id: "CVE-2020-9294", }, { db: "JVNDB", id: "JVNDB-2020-004913", }, { db: "CNNVD", id: "CNNVD-202004-2193", }, { db: "NVD", id: "CVE-2020-9294", }, ], }, id: "VAR-202004-1869", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-187419", }, ], trust: 0.36984128000000005, }, last_update_date: "2024-11-23T21:35:52.921000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { 
title: "FG-IR-20-045", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-20-045", }, { title: "Fortinet FortiMail and FortiVoice Entreprise Remediation measures for authorization problem vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117714", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-004913", }, { db: "CNNVD", id: "CNNVD-202004-2193", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-287", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-187419", }, { db: "JVNDB", id: "JVNDB-2020-004913", }, { db: "NVD", id: "CVE-2020-9294", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://fortiguard.com/psirt/fg-ir-20-045", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-9294", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9294", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1454/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/287.html", }, { trust: 0.1, url: "https://www.rapid7.com/db/modules/auxiliary/scanner/http/fortimail_login_bypass_detection/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULHUB", id: "VHN-187419", }, { db: "VULMON", id: "CVE-2020-9294", }, { db: "JVNDB", id: "JVNDB-2020-004913", }, { db: "CNNVD", id: "CNNVD-202004-2193", }, { db: "NVD", id: "CVE-2020-9294", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-187419", }, { db: "VULMON", id: "CVE-2020-9294", }, { db: "JVNDB", id: 
"JVNDB-2020-004913", }, { db: "CNNVD", id: "CNNVD-202004-2193", }, { db: "NVD", id: "CVE-2020-9294", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-27T00:00:00", db: "VULHUB", id: "VHN-187419", }, { date: "2020-04-27T00:00:00", db: "VULMON", id: "CVE-2020-9294", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2020-004913", }, { date: "2020-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202004-2193", }, { date: "2020-04-27T17:15:13.593000", db: "NVD", id: "CVE-2020-9294", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-04T00:00:00", db: "VULHUB", id: "VHN-187419", }, { date: "2024-01-18T00:00:00", db: "VULMON", id: "CVE-2020-9294", }, { date: "2020-06-02T00:00:00", db: "JVNDB", id: "JVNDB-2020-004913", }, { date: "2020-05-06T00:00:00", db: "CNNVD", id: "CNNVD-202004-2193", }, { date: "2024-11-21T05:40:22.350000", db: "NVD", id: "CVE-2020-9294", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202004-2193", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "FortiMail and FortiVoiceEntreprise Authentication vulnerabilities in", sources: [ { db: "JVNDB", id: "JVNDB-2020-004913", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "authorization issue", sources: [ { db: "CNNVD", id: "CNNVD-202004-2193", }, ], trust: 
0.6, }, }
var-202405-0539
Vulnerability from variot
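An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests. Fortinet's FortiVoice contains an authorization bypass through user-controlled key vulnerability. Information may be obtained and service operation may be interrupted (DoS). The structured affected-product data for this entry lists FortiVoice 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 as affected, which differs from the "before 6.4.8" wording above, so confirm the fixed release against the vendor advisory FG-IR-23-282.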
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202405-0539", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.12", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.1", }, { model: "fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.8", }, { model: "fortivoice", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: 
"fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortivoice", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortivoice", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.1", }, { model: "fortivoice", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "6.0.0 to 6.0.12", }, { model: "fortivoice", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0", }, { model: "fortivoice", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "6.4.0 to 6.4.8", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-026186", }, { db: "NVD", id: "CVE-2023-40720", }, ], }, cve: "CVE-2023-40720", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2023-40720", impactScore: 4.2, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 7.1, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-40720", 
impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-40720", trust: 1, value: "HIGH", }, { author: "psirt@fortinet.com", id: "CVE-2023-40720", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2023-40720", trust: 0.8, value: "High", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-026186", }, { db: "NVD", id: "CVE-2023-40720", }, { db: "NVD", id: "CVE-2023-40720", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests. 
fortinet's FortiVoice Exists in a user-controlled key authentication evasion vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-40720", }, { db: "JVNDB", id: "JVNDB-2023-026186", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-40720", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2023-026186", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-026186", }, { db: "NVD", id: "CVE-2023-40720", }, ], }, id: "VAR-202405-0539", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.26984128, }, last_update_date: "2024-08-14T15:41:14.783000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-23-282", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-23-282", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-026186", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-639", trust: 1, }, { problemtype: "Avoid authentication with user-controlled keys (CWE-639) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-026186", }, { db: "NVD", id: "CVE-2023-40720", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { 
"@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1, url: "https://fortiguard.com/psirt/fg-ir-23-282", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-40720", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-026186", }, { db: "NVD", id: "CVE-2023-40720", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2023-026186", }, { db: "NVD", id: "CVE-2023-40720", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-05-27T00:00:00", db: "JVNDB", id: "JVNDB-2023-026186", }, { date: "2024-05-14T17:15:19.067000", db: "NVD", id: "CVE-2023-40720", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-05-27T08:52:00", db: "JVNDB", id: "JVNDB-2023-026186", }, { date: "2024-05-23T16:38:28.923000", db: "NVD", id: "CVE-2023-40720", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "fortinet's FortiVoice Vulnerability in user-controlled key authentication evasion in", sources: [ { db: "JVNDB", id: "JVNDB-2023-026186", }, ], trust: 0.8, }, }
var-201608-0437
Vulnerability from variot
Fortinet FortiVoice is a complete business telephone system developed by Fortinet. Fortinet FortiVoice 5.0.4 and earlier versions have an HTML injection vulnerability that is caused by the program's insufficient filtering of user-submitted input. When a user browses an affected website, their browser executes any HTML or script code provided by the attacker. This could lead to an attacker stealing cookie-based authentication credentials. Fortinet FortiVoice is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Fortinet FortiVoice 5.0.4 and prior are vulnerable; the record below lists 5.0.5 with scope "ne", which suggests that release is not affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0437", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortivoice", scope: "eq", trust: 0.3, vendor: "fortinet", version: "5.0.4", }, { model: "fortivoice", scope: "ne", trust: 0.3, vendor: "fortinet", version: "5.0.5", }, ], sources: [ { db: "BID", id: "92455", }, ], }, credits: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Vulnerability Lab", sources: [ { db: "BID", id: "92455", }, { db: "CNNVD", id: "CNNVD-201608-377", }, ], trust: 0.9, }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiVoice is a complete business telephone system developed by Fortinet. \nFortinet FortiVoice 5.0.4 and earlier versions have an HTML injection vulnerability that is caused by the program's insufficient filtering of user-submitted input. When a user browses an affected website, their browser executes any HTML or script code provided by the attacker. This could lead to an attacker stealing cookie-based authentication. Fortinet FortiVoice is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. 
\nFortinet FortiVoice 5.0.4 and prior are vulnerable", sources: [ { db: "CNNVD", id: "CNNVD-201608-377", }, { db: "BID", id: "92455", }, ], trust: 0.81, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "BID", id: "92455", trust: 0.9, }, { db: "CNNVD", id: "CNNVD-201608-377", trust: 0.6, }, ], sources: [ { db: "BID", id: "92455", }, { db: "CNNVD", id: "CNNVD-201608-377", }, ], }, id: "VAR-201608-0437", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.1, }, last_update_date: "2022-05-17T01:57:42.820000Z", references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 0.6, url: "http://www.securityfocus.com/bid/92455", }, { trust: 0.3, url: "http://www.fortinet.com/", }, { trust: 0.3, url: "http://fortiguard.com/advisory/fortivoice-5-0-filter-bypass-persistent-web-vulnerabilities", }, ], sources: [ { db: "BID", id: "92455", }, { db: "CNNVD", id: "CNNVD-201608-377", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "92455", }, { db: "CNNVD", id: "CNNVD-201608-377", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-08-15T00:00:00", db: "BID", id: "92455", }, { date: "2016-08-19T00:00:00", db: "CNNVD", id: "CNNVD-201608-377", }, ], }, sources_update_date: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-08-15T00:00:00", db: "BID", id: "92455", }, { date: "2016-08-19T00:00:00", db: "CNNVD", id: "CNNVD-201608-377", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201608-377", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiVoice HTML Injection vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-201608-377", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation", sources: [ { db: "CNNVD", id: "CNNVD-201608-377", }, ], trust: 0.6, }, }
var-202112-0338
Vulnerability from variot
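A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. The product may also be left in a denial-of-service (DoS) state. The affected-products list in the record below also carries version bounds for other Fortinet products, FortiVoice among them (6.0.0 to 6.0.10 and 6.4.0 to 6.4.4, if the bounds pair up as they appear to), and its problem-type data gives CWE-787 and CWE-120 rather than CWE-121.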
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0338", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortios-6k7k", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.8", }, { model: "fortios", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.9", }, { model: "fortianalyzer", 
scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortiadc", scope: "lte", trust: 1, vendor: "fortinet", version: "6.1.5", }, { model: "fortios", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.13", }, { model: "fortindr", scope: "gte", trust: 1, vendor: "fortinet", version: "1.1.0", }, { model: "fortios-6k7k", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.6", }, { model: "fortiadc", scope: "gte", trust: 1, vendor: "fortinet", version: "6.2.0", }, { model: "fortios-6k7k", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.2", }, { model: "fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortiweb", scope: "lte", trust: 1, vendor: "fortinet", version: "6.3.16", }, { model: "fortiadc", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.2", }, { model: "fortiweb", scope: "gte", trust: 1, vendor: "fortinet", version: "5.0.0", }, { model: "fortirecorder", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortimanager", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.7", }, { model: "fortiadc", scope: "gte", trust: 1, vendor: "fortinet", version: "5.0.0", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "5.4.0", }, { model: "fortios", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.9", }, { model: "fortivoice", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortios", scope: "gte", trust: 1, vendor: "fortinet", version: "6.2.0", }, { model: "fortirecorder", scope: "gte", trust: 1, vendor: "fortinet", version: "2.6.0", }, { model: "fortirecorder", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.2", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.10", }, { model: 
"fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortiproxy", scope: "lte", trust: 1, vendor: "fortinet", version: "2.0.7", }, { model: "fortiportal", scope: "gte", trust: 1, vendor: "fortinet", version: "5.0.0", }, { model: "fortimanager", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortios", scope: "gte", trust: 1, vendor: "fortinet", version: "5.0.0", }, { model: "fortiswitch", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.3", }, { model: "fortiproxy", scope: "gte", trust: 1, vendor: "fortinet", version: "1.0.0", }, { model: "fortios", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortiproxy", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.1", }, { model: "fortiportal", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.10", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.6", }, { model: "fortimanager", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.7", }, { model: "fortianalyzer", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortimanager", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortindr", scope: "lte", trust: 1, vendor: "fortinet", version: "1.5.2", }, { model: "fortirecorder", scope: "lte", trust: 1, vendor: "fortinet", version: "6.0.10", }, { model: "fortios", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortianalyzer", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortiproxy", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortimail", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortios", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.7", }, { model: "fortiswitch", scope: "gte", trust: 1, vendor: "fortinet", version: "6.0.0", }, { model: "fortianalyzer", scope: "lte", trust: 1, vendor: 
"fortinet", version: "6.4.7", }, { model: "fortivoice", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.4", }, { model: "fortiweb", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.1", }, { model: "fortiweb", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortimail", scope: "lte", trust: 1, vendor: "fortinet", version: "7.0.2", }, { model: "fortimanager", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortios", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortianalyzer", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortiweb", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, cve: "CVE-2021-42757", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2021-42757", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.8, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", 
availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "VHN-403819", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, id: "CVE-2021-42757", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "OTHER", availabilityImpact: "High", baseScore: 6.7, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2021-016008", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-42757", trust: 1, value: "MEDIUM", }, { author: "psirt@fortinet.com", id: "CVE-2021-42757", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2021-42757", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202112-559", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-403819", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, { db: "NVD", id: "CVE-2021-42757", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A buffer overflow [CWE-121] in the TFTP client 
library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2021-42757", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "VULHUB", id: "VHN-403819", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-42757", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-016008", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-559", trust: 0.6, }, { db: "VULHUB", id: "VHN-403819", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, id: "VAR-202112-0338", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-403819", }, ], trust: 0.36984128000000005, }, last_update_date: "2024-11-23T22:20:42.629000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-21-173", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-21-173", }, { title: "Fortinet FortiOS Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173877", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD evaluation ]", trust: 0.8, }, { problemtype: "CWE-120", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/advisory/fg-ir-21-173", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42757", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-tftp-client-library-37026", }, ], sources: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-403819", }, { db: "JVNDB", id: "JVNDB-2021-016008", }, { db: "CNNVD", id: "CNNVD-202112-559", }, { db: "NVD", id: "CVE-2021-42757", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-08T00:00:00", db: "VULHUB", id: "VHN-403819", }, { date: "2022-12-05T00:00:00", db: "JVNDB", id: "JVNDB-2021-016008", }, { date: "2021-12-07T00:00:00", db: "CNNVD", id: "CNNVD-202112-559", }, { date: "2021-12-08T11:15:11.840000", db: "NVD", id: "CVE-2021-42757", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-09T00:00:00", db: "VULHUB", id: 
"VHN-403819", }, { date: "2022-12-05T06:18:00", db: "JVNDB", id: "JVNDB-2021-016008", }, { date: "2021-12-13T00:00:00", db: "CNNVD", id: "CNNVD-202112-559", }, { date: "2024-11-21T06:28:06.653000", db: "NVD", id: "CVE-2021-42757", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202112-559", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "FortiOS of TFTP client library and FortiOS Classic buffer overflow vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2021-016008", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202112-559", }, ], trust: 0.6, }, }