Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-54020 (GCVE-0-2024-54020)
Vulnerability from cvelistv5 – Published: 2025-05-28 07:55 – Updated: 2025-05-28 14:21
VLAI?
EPSS
Summary
A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.
Severity ?
CWE
- CWE-862 - Improper access control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiManager |
Affected:
7.2.0 , ≤ 7.2.1
(semver)
Affected: 7.0.0 , ≤ 7.0.7 (semver) cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T14:21:24.497661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T14:21:37.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T07:55:32.497Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiManager version 7.4.0 or above \nPlease upgrade to FortiManager version 7.2.2 or above \nPlease upgrade to FortiManager version 7.0.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-54020",
"datePublished": "2025-05-28T07:55:32.497Z",
"dateReserved": "2024-11-27T15:20:39.890Z",
"dateUpdated": "2025-05-28T14:21:37.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-54020",
"date": "2026-05-14",
"epss": "0.00145",
"percentile": "0.34427"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-54020\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-05-28T08:15:20.043\",\"lastModified\":\"2025-06-04T14:34:54.323\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.\"},{\"lang\":\"es\",\"value\":\"Una autorizaci\u00f3n faltante en las versiones 7.2.0 a 7.2.1 y 7.0.0 a 7.0.7 de Fortinet FortiManager puede permitir que un atacante autenticado sobrescriba las fuentes de amenazas globales a trav\u00e9s de solicitudes de actualizaci\u00f3n manipuladas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":2.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.8\",\"matchCriteriaId\":\"F5248A7F-5122-4C07-8A4C-FE7A0BA07CF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.2\",\"matchCriteriaId\":\"C654DFBA-E3B0-4865-9088-13385A428E78\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-24-023\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-54020\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-28T14:21:24.497661Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-28T14:21:31.548Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiManager\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.1\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.7\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiManager version 7.4.0 or above \\nPlease upgrade to FortiManager version 7.2.2 or above \\nPlease upgrade to FortiManager version 7.0.8 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-023\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-023\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"Improper access control\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-05-28T07:55:32.497Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-54020\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-28T14:21:37.049Z\", \"dateReserved\": \"2024-11-27T15:20:39.890Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-05-28T07:55:32.497Z\", \"assignerShortName\": \"fortinet\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
NCSC-2025-0166
Vulnerability from csaf_ncscnl - Published: 2025-05-14 08:41 - Updated: 2025-05-14 08:41Summary
Kwetsbaarheden verholpen in Fortinet producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Fortinet heeft kwetsbaarheden verholpen in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager en FortiWeb.
Interpretaties: De kwetsbaarheden omvatten een OS Command Injection die lokale aanvallers in staat stelt om ongeautoriseerde code uit te voeren door CLI-commando-argumenten te manipuleren. Daarnaast zijn er kwetsbaarheden die het mogelijk maken voor aanvallers om ongeautoriseerde wijzigingen aan te brengen in globale dreigingsfeeds en om authenticatie te omzeilen, wat leidt tot administratieve toegang tot de apparaten. Ook zijn er kwetsbaarheden die kunnen leiden tot denial-of-service door het versturen van speciaal vervaardigde verzoeken. Deze kwetsbaarheden kunnen leiden tot controle over de getroffen systemen.
Oplossingen: Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-222: Truncation of Security-relevant Information
CWE-364: Signal Handler Race Condition
CWE-134: Use of Externally-Controlled Format String
CWE-354: Improper Validation of Integrity Check Value
CWE-190: Integer Overflow or Wraparound
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-78
- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/unknown
Fortinet / Fortinet FortiOS
|
cpe:/o:fortinet:fortios:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / fortiproxy
|
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiAnalyzer
|
cpe:/a:fortinet:fortianalyzer:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiManager
|
cpe:/a:fortinet:fortimanager:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / FortiClient
|
vers:unknown/unknown | ||
|
vers:unknown/unknown
Fortinet / FortiClient-EMS
|
vers:unknown/unknown |
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/unknown
Fortinet / Fortinet FortiOS
|
cpe:/o:fortinet:fortios:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / fortiproxy
|
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiAnalyzer
|
cpe:/a:fortinet:fortianalyzer:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiManager
|
cpe:/a:fortinet:fortimanager:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / FortiClient
|
vers:unknown/unknown | ||
|
vers:unknown/unknown
Fortinet / FortiClient-EMS
|
vers:unknown/unknown |
CWE-362
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/unknown
Fortinet / Fortinet FortiOS
|
cpe:/o:fortinet:fortios:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / fortiproxy
|
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiAnalyzer
|
cpe:/a:fortinet:fortianalyzer:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiManager
|
cpe:/a:fortinet:fortimanager:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / FortiClient
|
vers:unknown/unknown | ||
|
vers:unknown/unknown
Fortinet / FortiClient-EMS
|
vers:unknown/unknown |
CWE-134
- Use of Externally-Controlled Format String
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/unknown
Fortinet / Fortinet FortiOS
|
cpe:/o:fortinet:fortios:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / fortiproxy
|
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiAnalyzer
|
cpe:/a:fortinet:fortianalyzer:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiManager
|
cpe:/a:fortinet:fortimanager:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / FortiClient
|
vers:unknown/unknown | ||
|
vers:unknown/unknown
Fortinet / FortiClient-EMS
|
vers:unknown/unknown |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/unknown
Fortinet / Fortinet FortiOS
|
cpe:/o:fortinet:fortios:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / fortiproxy
|
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiAnalyzer
|
cpe:/a:fortinet:fortianalyzer:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiManager
|
cpe:/a:fortinet:fortimanager:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / FortiClient
|
vers:unknown/unknown | ||
|
vers:unknown/unknown
Fortinet / FortiClient-EMS
|
vers:unknown/unknown |
9.8 (Critical)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/unknown
Fortinet / Fortinet FortiOS
|
cpe:/o:fortinet:fortios:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / fortiproxy
|
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiAnalyzer
|
cpe:/a:fortinet:fortianalyzer:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiManager
|
cpe:/a:fortinet:fortimanager:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / FortiClient
|
vers:unknown/unknown | ||
|
vers:unknown/unknown
Fortinet / FortiClient-EMS
|
vers:unknown/unknown |
5.9 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/unknown
Fortinet / Fortinet FortiOS
|
cpe:/o:fortinet:fortios:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / fortiproxy
|
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiAnalyzer
|
cpe:/a:fortinet:fortianalyzer:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiManager
|
cpe:/a:fortinet:fortimanager:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / FortiClient
|
vers:unknown/unknown | ||
|
vers:unknown/unknown
Fortinet / FortiClient-EMS
|
vers:unknown/unknown |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/unknown
Fortinet / Fortinet FortiOS
|
cpe:/o:fortinet:fortios:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / fortiproxy
|
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiAnalyzer
|
cpe:/a:fortinet:fortianalyzer:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiManager
|
cpe:/a:fortinet:fortimanager:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / FortiClient
|
vers:unknown/unknown | ||
|
vers:unknown/unknown
Fortinet / FortiClient-EMS
|
vers:unknown/unknown |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/unknown
Fortinet / Fortinet FortiOS
|
cpe:/o:fortinet:fortios:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / fortiproxy
|
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiAnalyzer
|
cpe:/a:fortinet:fortianalyzer:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / Fortinet FortiManager
|
cpe:/a:fortinet:fortimanager:-
|
vers:unknown/unknown | |
|
vers:unknown/unknown
Fortinet / FortiClient
|
vers:unknown/unknown | ||
|
vers:unknown/unknown
Fortinet / FortiClient-EMS
|
vers:unknown/unknown |
References
18 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Fortinet heeft kwetsbaarheden verholpen in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager en FortiWeb.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten een OS Command Injection die lokale aanvallers in staat stelt om ongeautoriseerde code uit te voeren door CLI-commando-argumenten te manipuleren. Daarnaast zijn er kwetsbaarheden die het mogelijk maken voor aanvallers om ongeautoriseerde wijzigingen aan te brengen in globale dreigingsfeeds en om authenticatie te omzeilen, wat leidt tot administratieve toegang tot de apparaten. Ook zijn er kwetsbaarheden die kunnen leiden tot denial-of-service door het versturen van speciaal vervaardigde verzoeken. Deze kwetsbaarheden kunnen leiden tot controle over de getroffen systemen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
},
{
"category": "general",
"text": "Use of Externally-Controlled Format String",
"title": "CWE-134"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-381"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-388"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-167"
},
{
"category": "external",
"summary": "Reference - certbundde",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-490"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-122"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-472"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
}
],
"title": "Kwetsbaarheden verholpen in Fortinet producten",
"tracking": {
"current_release_date": "2025-05-14T08:41:08.980708Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0166",
"initial_release_date": "2025-05-14T08:41:08.980708Z",
"revision_history": [
{
"date": "2025-05-14T08:41:08.980708Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-1363392",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:-"
}
}
}
],
"category": "product_name",
"name": "Fortinet FortiOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-2002532",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "fortiproxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-1363409",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortianalyzer:-"
}
}
}
],
"category": "product_name",
"name": "Fortinet FortiAnalyzer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-1363397",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:-"
}
}
}
],
"category": "product_name",
"name": "Fortinet FortiManager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-2838319"
}
}
],
"category": "product_name",
"name": "FortiClient"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/unknown",
"product": {
"name": "vers:unknown/unknown",
"product_id": "CSAFPID-2838320"
}
}
],
"category": "product_name",
"name": "FortiClient-EMS"
}
],
"category": "vendor",
"name": "Fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42788",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-42788",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42788.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
"version": "3.1"
},
"products": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
}
],
"title": "CVE-2023-42788"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "other",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2024-6387",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6387",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json"
}
],
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-45324",
"cwe": {
"id": "CWE-134",
"name": "Use of Externally-Controlled Format String"
},
"notes": [
{
"category": "other",
"text": "Use of Externally-Controlled Format String",
"title": "CWE-134"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45324",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45324.json"
}
],
"title": "CVE-2024-45324"
},
{
"cve": "CVE-2024-54020",
"product_status": {
"known_affected": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54020",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54020.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
}
],
"title": "CVE-2024-54020"
},
{
"cve": "CVE-2025-22252",
"product_status": {
"known_affected": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22252",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-22252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
}
],
"title": "CVE-2025-22252"
},
{
"cve": "CVE-2025-26466",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26466",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26466.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
}
],
"title": "CVE-2025-26466"
},
{
"cve": "CVE-2025-47294",
"product_status": {
"known_affected": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-47294",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-47294.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
}
],
"title": "CVE-2025-47294"
},
{
"cve": "CVE-2025-47295",
"product_status": {
"known_affected": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-47295",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-47295.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1363392",
"CSAFPID-2002532",
"CSAFPID-1363409",
"CSAFPID-1363397",
"CSAFPID-2838319",
"CSAFPID-2838320"
]
}
],
"title": "CVE-2025-47295"
}
]
}
CERTFR-2025-AVI-0399
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiClientEMS | FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.7 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.x antérieures à 7.2.9 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.6 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiCamera | FortiCamera versions antérieures à 2.1.4 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.15 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiVoice | FortiVoiceUCDesktop versions antérieures à 7.0 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
},
{
"name": "CVE-2025-47294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
},
{
"name": "CVE-2025-24473",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
},
{
"name": "CVE-2024-54020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
},
{
"name": "CVE-2025-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
},
{
"name": "CVE-2024-35281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
},
{
"name": "CVE-2025-32756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
},
{
"name": "CVE-2025-22252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
},
{
"name": "CVE-2025-47295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
},
{
"name": "CVE-2025-22859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0399",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
}
]
}
CERTFR-2025-AVI-0399
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiClientEMS | FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.7 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.x antérieures à 7.2.9 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.6 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiCamera | FortiCamera versions antérieures à 2.1.4 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.15 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiVoice | FortiVoiceUCDesktop versions antérieures à 7.0 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
},
{
"name": "CVE-2025-47294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
},
{
"name": "CVE-2025-24473",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
},
{
"name": "CVE-2024-54020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
},
{
"name": "CVE-2025-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
},
{
"name": "CVE-2024-35281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
},
{
"name": "CVE-2025-32756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
},
{
"name": "CVE-2025-22252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
},
{
"name": "CVE-2025-47295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
},
{
"name": "CVE-2025-22859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0399",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
}
]
}
FKIE_CVE-2024-54020
Vulnerability from fkie_nvd - Published: 2025-05-28 08:15 - Updated: 2025-06-04 14:34
Severity ?
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-023 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortimanager | * | |
| fortinet | fortimanager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5248A7F-5122-4C07-8A4C-FE7A0BA07CF2",
"versionEndExcluding": "7.0.8",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C654DFBA-E3B0-4865-9088-13385A428E78",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests."
},
{
"lang": "es",
"value": "Una autorizaci\u00f3n faltante en las versiones 7.2.0 a 7.2.1 y 7.0.0 a 7.0.7 de Fortinet FortiManager puede permitir que un atacante autenticado sobrescriba las fuentes de amenazas globales a trav\u00e9s de solicitudes de actualizaci\u00f3n manipuladas."
}
],
"id": "CVE-2024-54020",
"lastModified": "2025-06-04T14:34:54.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-28T08:15:20.043",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
WID-SEC-W-2025-1018
Vulnerability from csaf_certbund - Published: 2025-05-13 22:00 - Updated: 2025-05-13 22:00Summary
Fortinet FortiManager: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Severity
Niedrig
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.
Angriff: Ein lokaler Angreifer kann eine Schwachstelle in Fortinet FortiManager ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Sonstiges
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fortinet FortiManager <7.2.2
Fortinet / FortiManager
|
<7.2.2 | ||
|
Fortinet FortiManager <7.0.8
Fortinet / FortiManager
|
<7.0.8 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FortiManager Security Management Appliances erm\u00f6glicht die Verwaltung von Fortinet Network Security Ger\u00e4ten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Fortinet FortiManager ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1018 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1018.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1018 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1018"
},
{
"category": "external",
"summary": "FortiGuard PSIRT Advisory FG-IR-24-023 vom 2025-05-13",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
}
],
"source_lang": "en-US",
"title": "Fortinet FortiManager: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-05-13T22:00:00.000+00:00",
"generator": {
"date": "2025-05-14T09:09:16.863+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-1018",
"initial_release_date": "2025-05-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.2.2",
"product": {
"name": "Fortinet FortiManager \u003c7.2.2",
"product_id": "T043593"
}
},
{
"category": "product_version",
"name": "7.2.2",
"product": {
"name": "Fortinet FortiManager 7.2.2",
"product_id": "T043593-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.2.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.0.8",
"product": {
"name": "Fortinet FortiManager \u003c7.0.8",
"product_id": "T043595"
}
},
{
"category": "product_version",
"name": "7.0.8",
"product": {
"name": "Fortinet FortiManager 7.0.8",
"product_id": "T043595-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.0.8"
}
}
}
],
"category": "product_name",
"name": "FortiManager"
}
],
"category": "vendor",
"name": "Fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-54020",
"product_status": {
"known_affected": [
"T043593",
"T043595"
]
},
"release_date": "2025-05-13T22:00:00.000+00:00",
"title": "CVE-2024-54020"
}
]
}
GHSA-JJ5F-JXF3-25VX
Vulnerability from github – Published: 2025-05-28 09:31 – Updated: 2025-05-28 09:31
VLAI?
Details
A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2024-54020"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-28T08:15:20Z",
"severity": "LOW"
},
"details": "A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.",
"id": "GHSA-jj5f-jxf3-25vx",
"modified": "2025-05-28T09:31:26Z",
"published": "2025-05-28T09:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54020"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…