Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0031
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Fortinet | FortiClient | FortiClientMac versions antérieures à 7.2.5 | ||
Fortinet | FortiDDoS-F | FortiDDoS-F versions antérieures à 6.3.3 | ||
Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.2 | ||
Fortinet | FortiOS | FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963 | ||
Fortinet | FortiRecorder | FortiRecorder versions antérieures à 7.0.5 | ||
Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.6 | ||
Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.13 | ||
Fortinet | FortiSOAR | FortiSOAR versions 7.4.x antérieures à 7.4.5 | ||
Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
Fortinet | FortiSOAR | Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8 | ||
Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4 | ||
Fortinet | FortiOS | FortiOS versions antérieures à 7.0.16 | ||
Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.9 | ||
Fortinet | FortiWLC | FortiWLC versions 8.6.x antérieures à 8.6.6 | ||
Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.15 | ||
Fortinet | FortiClient | FortiClientEMS versions 7.4.x antérieures à 7.4.1 | ||
Fortinet | FortiClient | FortiClientEMS Cloud versions antérieures à 7.2.5 | ||
Fortinet | FortiClient | FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1 | ||
Fortinet | FortiPortal | FortiPortal versions 6.0.x antérieures à 6.0.15 | ||
Fortinet | FortiClient | FortiClientMac versions antérieures à 7.4.0 | ||
Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
Fortinet | FortiMail | FortiMail versions 6.4x antérieures à 6.4.8 | ||
Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.13 | ||
Fortinet | FortiVoiceEnterprise | FortiVoiceEnterprise versions antérieures à 6.0.10 | ||
Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4 | ||
Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.8 | ||
Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7 | ||
Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7 | ||
Fortinet | FortiSwitch | FortiSwitch versions 7.4.x antérieures à 7.4.1 | ||
Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.2 | ||
Fortinet | FortiAP-W2 | FortiAP-W2 versions antérieures à 7.2.4 | ||
Fortinet | FortiClient | FortiClientEMS versions antérieures à 7.2.5 | ||
Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
Fortinet | FortiSwitch | FortiSwitch versions 7.2.x antérieures à 7.2.6 | ||
Fortinet | FortiDDoS | FortiDDoS versions antérieures à 5.5.1 | ||
Fortinet | FortiAP | FortiAP versions antérieures à 7.2.4 | ||
Fortinet | FortiSwitch | FortiSwitch versions antérieures à 6.2.8 | ||
Fortinet | FortiClient | FortiClientWindows versions antérieures à 7.4.1 | ||
Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.2.2 Security Patch 9 | ||
Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6 | ||
Fortinet | FortiDeceptor | FortiDeceptor versions antérieures à 6.0.1 | ||
Fortinet | FortiAP-S | FortiAP-S versions antérieures à 6.4.10 | ||
Fortinet | FortiVoiceEnterprise | FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4 | ||
Fortinet | FortiAuthenticator | FortiAuthenticator versions antérieures à 6.3.3 | ||
Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.5 | ||
Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.19 | ||
Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.1 | ||
Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.4 | ||
Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.5 | ||
Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.0.13 | ||
Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.5 | ||
Fortinet | FortiAP | FortiAP versions 7.4.x antérieures à 7.4.3 | ||
Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.2.5 | ||
Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.14 | ||
Fortinet | FortiNDR | FortiNDR versions antérieures à 7.2.2 | ||
Fortinet | FortiManager | FortiManager versions 6.2.x antérieures à 6.2.12 | ||
Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions antérieures à 7.0.12 | ||
Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.1 | ||
Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.5 | ||
Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.3 | ||
Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.15 | ||
Fortinet | FortiSOAR | FortiSOAR versions 7.3.x antérieures à 7.3.3 | ||
Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.6 | ||
Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.4.0 | ||
Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.1.6 | ||
Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.0.5 | ||
Fortinet | FortiAP-W2 | FortiAP-W2 versions 7.4.x antérieures à 7.4.3 | ||
Fortinet | FortiSandbox | FortiSandbox versions 4.2.x antérieures à 4.2.7 | ||
Fortinet | FortiADC | FortiADC versions 6.2.x antérieures à 6.2.4 | ||
Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.6 | ||
Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.8 | ||
Fortinet | FortiTester | FortiTester versions antérieures à 7.2.1 | ||
Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.x antérieures à 6.4.15 | ||
Fortinet | FortiAuthenticator | FortiAuthenticator versions 6.4.x antérieures à 6.4.1 | ||
Fortinet | FortiVoice | FortiVoice versions antérieures à 6.4.10 | ||
Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.12 | ||
Fortinet | FortiSOAR | FortiSOAR versions 7.5.x antérieures à 7.5.1 | ||
Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.7 |
References
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3", "product": { "name": "FortiDDoS-F", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5", "product": { "name": "FortiRecorder", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5", "product": { "name": "FortiSOAR", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8", "product": { "name": "FortiSOAR", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9", "product": { "name": "FortiPortal", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6", "product": { "name": "FortiWLC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15", "product": { "name": "FortiPortal", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8", "product": { "name": "FortiMail", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10", "product": { "name": "FortiVoiceEnterprise", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4", "product": { "name": "FortiAP-W2", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5", "product": { "name": "FortiVoice", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1", "product": { "name": "FortiDDoS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4", "product": { "name": "FortiAP", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9", "product": { "name": "FortiSOAR", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1", "product": { "name": "FortiDeceptor", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10", "product": { "name": "FortiAP-S", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4", "product": { "name": "FortiVoiceEnterprise", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3", "product": { "name": "FortiAuthenticator", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5", "product": { "name": "FortiPortal", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5", "product": { "name": "FortiSandbox", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3", "product": { "name": "FortiAP", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2", "product": { "name": "FortiNDR", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5", "product": { "name": "FortiMail", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3", "product": { "name": "FortiNDR", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3", "product": { "name": "FortiSOAR", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6", "product": { "name": "FortiSIEM", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5", "product": { "name": "FortiSandbox", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3", "product": { "name": "FortiAP-W2", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7", "product": { "name": "FortiSandbox", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1", "product": { "name": "FortiTester", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1", "product": { "name": "FortiAuthenticator", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10", "product": { "name": "FortiVoice", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1", "product": { "name": "FortiSOAR", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2", "product": { "name": "FortiRecorder", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7", "product": { "name": "FortiMail", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-45326", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45326" }, { "name": "CVE-2023-37931", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37931" }, { "name": "CVE-2024-32115", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32115" }, { "name": "CVE-2023-42786", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42786" }, { "name": "CVE-2024-35280", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35280" }, { "name": "CVE-2024-35273", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35273" }, { "name": "CVE-2024-48884", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48884" }, { "name": "CVE-2024-46666", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46666" }, { "name": "CVE-2022-23439", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23439" }, { "name": "CVE-2024-47571", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47571" }, { "name": "CVE-2024-35275", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35275" }, { "name": "CVE-2024-47573", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47573" }, { "name": "CVE-2024-52963", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52963" }, { "name": "CVE-2023-37937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37937" }, { "name": "CVE-2024-33503", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33503" }, { "name": "CVE-2024-55593", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55593" }, { "name": "CVE-2024-48885", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48885" }, { "name": "CVE-2024-46662", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46662" }, { "name": "CVE-2024-27778", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27778" }, { "name": "CVE-2024-48893", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48893" }, { "name": "CVE-2024-47566", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47566" }, { "name": "CVE-2024-52969", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52969" }, { "name": "CVE-2024-35276", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35276" }, { "name": "CVE-2024-40587", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40587" }, { "name": "CVE-2024-36512", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36512" }, { "name": "CVE-2023-46715", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46715" }, { "name": "CVE-2024-36510", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36510" }, { "name": "CVE-2024-56497", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56497" }, { "name": "CVE-2024-46665", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46665" }, { "name": "CVE-2024-48890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48890" }, { "name": "CVE-2024-21758", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21758" }, { "name": "CVE-2024-52967", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52967" }, { "name": "CVE-2023-37936", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37936" }, { "name": "CVE-2024-46668", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46668" }, { "name": "CVE-2024-35278", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35278" }, { "name": "CVE-2024-26012", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26012" }, { "name": "CVE-2024-46664", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46664" }, { "name": "CVE-2024-23106", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23106" }, { "name": "CVE-2024-54021", "url": "https://www.cve.org/CVERecord?id=CVE-2024-54021" }, { "name": "CVE-2024-46669", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46669" }, { "name": "CVE-2023-5217", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217" }, { "name": "CVE-2023-42785", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42785" }, { "name": "CVE-2024-36504", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36504" }, { "name": "CVE-2024-35277", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35277" }, { "name": "CVE-2023-4863", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863" }, { "name": "CVE-2024-48886", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48886" }, { "name": "CVE-2024-50564", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50564" }, { "name": "CVE-2024-33502", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33502" }, { "name": "CVE-2024-45331", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45331" }, { "name": "CVE-2024-50563", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50563" }, { "name": "CVE-2024-36506", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36506" }, { "name": "CVE-2024-46667", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46667" }, { "name": "CVE-2024-46670", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46670" }, { "name": "CVE-2024-47572", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47572" } ], "initial_release_date": "2025-01-15T00:00:00", "last_revision_date": "2025-01-15T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0031", "revisions": [ { "description": "Version initiale", "revision_date": "2025-01-15T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258", "url": "https://www.fortiguard.com/psirt/FG-IR-23-258" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458", "url": "https://www.fortiguard.com/psirt/FG-IR-23-458" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061", "url": "https://www.fortiguard.com/psirt/FG-IR-24-061" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405", "url": "https://www.fortiguard.com/psirt/FG-IR-23-405" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285", "url": "https://www.fortiguard.com/psirt/FG-IR-24-285" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165", "url": "https://www.fortiguard.com/psirt/FG-IR-24-165" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494", "url": "https://www.fortiguard.com/psirt/FG-IR-23-494" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220", "url": "https://www.fortiguard.com/psirt/FG-IR-23-220" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221", "url": "https://www.fortiguard.com/psirt/FG-IR-24-221" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078", "url": "https://www.fortiguard.com/psirt/FG-IR-24-078" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282", "url": "https://www.fortiguard.com/psirt/FG-IR-24-282" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373", "url": "https://www.fortiguard.com/psirt/FG-IR-24-373" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106", "url": "https://www.fortiguard.com/psirt/FG-IR-24-106" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250", "url": "https://www.fortiguard.com/psirt/FG-IR-24-250" }, { "published_at": "2025-01-15", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189", "url": "https://www.fortiguard.com/psirt/FG-IR-23-189" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401", "url": "https://www.fortiguard.com/psirt/FG-IR-24-401" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239", "url": "https://www.fortiguard.com/psirt/FG-IR-24-239" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097", "url": "https://www.fortiguard.com/psirt/FG-IR-24-097" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260", "url": "https://www.fortiguard.com/psirt/FG-IR-23-260" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170", "url": "https://www.fortiguard.com/psirt/FG-IR-23-170" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259", "url": "https://www.fortiguard.com/psirt/FG-IR-24-259" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143", "url": "https://www.fortiguard.com/psirt/FG-IR-24-143" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476", "url": "https://www.fortiguard.com/psirt/FG-IR-23-476" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415", "url": "https://www.fortiguard.com/psirt/FG-IR-24-415" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461", "url": "https://www.fortiguard.com/psirt/FG-IR-23-461" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266", "url": "https://www.fortiguard.com/psirt/FG-IR-24-266" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407", "url": "https://www.fortiguard.com/psirt/FG-IR-23-407" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086", "url": "https://www.fortiguard.com/psirt/FG-IR-24-086" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465", "url": "https://www.fortiguard.com/psirt/FG-IR-24-465" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222", "url": "https://www.fortiguard.com/psirt/FG-IR-24-222" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219", "url": "https://www.fortiguard.com/psirt/FG-IR-24-219" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210", "url": "https://www.fortiguard.com/psirt/FG-IR-24-210" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211", "url": "https://www.fortiguard.com/psirt/FG-IR-24-211" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267", "url": "https://www.fortiguard.com/psirt/FG-IR-24-267" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010", "url": "https://www.fortiguard.com/psirt/FG-IR-24-010" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473", "url": "https://www.fortiguard.com/psirt/FG-IR-23-473" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216", "url": "https://www.fortiguard.com/psirt/FG-IR-24-216" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326", "url": "https://www.fortiguard.com/psirt/FG-IR-24-326" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135", "url": "https://www.fortiguard.com/psirt/FG-IR-24-135" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152", "url": "https://www.fortiguard.com/psirt/FG-IR-24-152" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304", "url": "https://www.fortiguard.com/psirt/FG-IR-24-304" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164", "url": "https://www.fortiguard.com/psirt/FG-IR-24-164" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310", "url": "https://www.fortiguard.com/psirt/FG-IR-24-310" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405", "url": "https://www.fortiguard.com/psirt/FG-IR-24-405" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127", "url": "https://www.fortiguard.com/psirt/FG-IR-24-127" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381", "url": "https://www.fortiguard.com/psirt/FG-IR-23-381" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091", "url": "https://www.fortiguard.com/psirt/FG-IR-24-091" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417", "url": "https://www.fortiguard.com/psirt/FG-IR-24-417" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293", "url": "https://www.fortiguard.com/psirt/FG-IR-23-293" }, { "published_at": "2025-01-14", "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071", "url": "https://www.fortiguard.com/psirt/FG-IR-24-071" } ] }
CVE-2023-46715 (GCVE-0-2023-46715)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-346 - Improper access control
Summary
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.6 Version: 7.0.0 ≤ 7.0.12 |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-46715", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:14.692340Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:55:58.030Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.16", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:52.045Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-407", "url": "https://fortiguard.com/psirt/FG-IR-23-407" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiSASE version 22.4 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-46715", "datePublished": "2025-01-14T14:08:52.045Z", "dateReserved": "2023-10-25T08:43:15.290Z", "dateUpdated": "2025-01-14T20:55:58.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36512 (GCVE-0-2024-36512)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Execute unauthorized code or commands
Summary
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.2 ≤ 7.0.12 Version: 6.2.10 ≤ 6.2.13 cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36512", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:47.023639Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:56:36.826Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.2", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.10", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.2", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.10", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:44.576Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-152", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-152" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.0.13 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-36512", "datePublished": "2025-01-14T14:08:44.576Z", "dateReserved": "2024-05-29T08:44:50.760Z", "dateUpdated": "2025-01-14T20:56:36.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27778 (GCVE-0-2024-27778)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiSandbox |
Version: 4.4.0 ≤ 4.4.4 Version: 4.2.0 ≤ 4.2.6 Version: 4.0.0 ≤ 4.0.4 Version: 3.2.0 ≤ 3.2.4 Version: 3.1.0 ≤ 3.1.5 Version: 3.0.5 ≤ 3.0.7 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-27778", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:30.514916Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:54:50.087Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiSandbox", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "4.4.4", "status": "affected", "version": "4.4.0", "versionType": "semver" }, { "lessThanOrEqual": "4.2.6", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThanOrEqual": "4.0.4", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThanOrEqual": "3.2.4", "status": "affected", "version": "3.2.0", "versionType": "semver" }, { "lessThanOrEqual": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThanOrEqual": "3.0.7", "status": "affected", "version": "3.0.5", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:34.439Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-061", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-061" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSandbox Cloud version 24.1 or above \nPlease upgrade to FortiSandbox version 4.4.5 or above \nPlease upgrade to FortiSandbox version 4.2.7 or above \nPlease upgrade to FortiSandbox version 4.0.5 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-27778", "datePublished": "2025-01-14T14:09:34.439Z", "dateReserved": "2024-02-26T14:46:31.334Z", "dateUpdated": "2025-01-14T20:54:50.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45326 (GCVE-0-2024-45326)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper access control
Summary
An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiDeceptor |
Version: 6.0.0 Version: 5.3.0 ≤ 5.3.3 Version: 5.2.0 ≤ 5.2.1 Version: 5.1.0 Version: 5.0.0 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45326", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:14:59.021895Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:53:58.952Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiDeceptor", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "6.0.0" }, { "lessThanOrEqual": "5.3.3", "status": "affected", "version": "5.3.0", "versionType": "semver" }, { "lessThanOrEqual": "5.2.1", "status": "affected", "version": "5.2.0", "versionType": "semver" }, { "status": "affected", "version": "5.1.0" }, { "status": "affected", "version": "5.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "An\u00a0Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:55.772Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-285" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiDeceptor version 6.1.0 or above \nPlease upgrade to FortiDeceptor version 6.0.1 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-45326", "datePublished": "2025-01-14T14:09:55.772Z", "dateReserved": "2024-08-27T06:43:07.250Z", "dateUpdated": "2025-01-14T20:53:58.952Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5217 (GCVE-0-2023-5217)
Vulnerability from cvelistv5
Published
2023-09-28 15:23
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Heap buffer overflow
Summary
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:08.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" }, { "tags": [ "x_transferred" ], "url": "https://crbug.com/1486441" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191" }, { "tags": [ "x_transferred" ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "tags": [ "x_transferred" ], "url": "https://pastebin.com/TdkC4pDv" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmproject/libvpx/tags" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5510" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5509" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5508" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html" }, { "tags": [ "x_transferred" ], "url": "https://twitter.com/maddiestone/status/1707163313711497266" }, { "tags": [ "x_transferred" ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-04" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213961" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Oct/12" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213972" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Oct/16" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-34" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-5217", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-11-15T16:38:17.360361Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2023-10-02", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-5217" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:37:15.657Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2023-10-02T00:00:00+00:00", "value": "CVE-2023-5217 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "117.0.5938.132", "status": "affected", "version": "117.0.5938.132", "versionType": "custom" } ] }, { "product": "libvpx", "vendor": "Google", "versions": [ { "lessThan": "1.13.1", "status": "affected", "version": "1.13.1", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], "problemTypes": [ { "descriptions": [ { "description": "Heap buffer overflow", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-31T17:08:56.596Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" }, { "url": "https://crbug.com/1486441" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9" }, { "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/" }, { "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191" }, { "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/" }, { "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "url": "https://pastebin.com/TdkC4pDv" }, { "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "url": "https://github.com/webmproject/libvpx/tags" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14" }, { "url": "https://www.debian.org/security/2023/dsa-5510" }, { "url": "https://www.debian.org/security/2023/dsa-5509" }, { "url": "https://www.debian.org/security/2023/dsa-5508" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html" }, { "url": "https://twitter.com/maddiestone/status/1707163313711497266" }, { "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/" }, { "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2" }, { "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6" }, { "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11" }, { "url": "https://security.gentoo.org/glsa/202310-04" }, { "url": "https://support.apple.com/kb/HT213961" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" }, { "url": "http://seclists.org/fulldisclosure/2023/Oct/12" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" }, { "url": "https://support.apple.com/kb/HT213972" }, { "url": "http://seclists.org/fulldisclosure/2023/Oct/16" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/" }, { "url": "https://security.gentoo.org/glsa/202401-34" } ] } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2023-5217", "datePublished": "2023-09-28T15:23:18.340Z", "dateReserved": "2023-09-27T01:52:05.679Z", "dateUpdated": "2025-07-30T01:37:15.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-42785 (GCVE-0-2023-42785)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - Denial of service
Summary
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.16 Version: 6.4.0 ≤ 6.4.15 Version: 6.2.0 ≤ 6.2.16 Version: 6.0.0 ≤ 6.0.18 cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-42785", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:23.669911Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:56:29.240Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.16", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:47.926Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-293", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-293" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSASE version 23.4.a or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.6 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-42785", "datePublished": "2025-01-14T14:08:47.926Z", "dateReserved": "2023-09-14T08:37:38.657Z", "dateUpdated": "2025-01-14T20:56:29.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-55593 (GCVE-0-2024-55593)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Information disclosure
Summary
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55593", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:29.839471Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:56:58.704Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiWeb", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.6.1", "status": "affected", "version": "7.6.0", "versionType": "semver" }, { "lessThanOrEqual": "7.4.6", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.3", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.3.23", "status": "affected", "version": "6.3.6", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:36.557Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-465", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-465" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiWeb version 7.6.2 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-55593", "datePublished": "2025-01-14T14:08:36.557Z", "dateReserved": "2024-12-09T11:19:49.470Z", "dateUpdated": "2025-01-14T20:56:58.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-46668 (GCVE-0-2024-46668)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Denial of service
Summary
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.15 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46668", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:18:02.790039Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:55:43.639Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:59.162Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-219", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-219" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiOS version 6.4.16 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-46668", "datePublished": "2025-01-14T14:08:59.162Z", "dateReserved": "2024-09-11T12:14:59.204Z", "dateUpdated": "2025-01-14T20:55:43.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23106 (GCVE-0-2024-23106)
Vulnerability from cvelistv5
Published
2025-01-14 14:10
Modified
2025-02-18 21:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-307 - Improper access control
Summary
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiClientEMS |
Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.10 Version: 6.4.7 ≤ 6.4.9 Version: 6.4.0 ≤ 6.4.4 Version: 6.2.6 ≤ 6.2.9 Version: 6.2.0 ≤ 6.2.4 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23106", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T14:18:35.297797Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T21:34:28.472Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiClientEMS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.9", "status": "affected", "version": "6.4.7", "versionType": "semver" }, { "lessThanOrEqual": "6.4.4", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.9", "status": "affected", "version": "6.2.6", "versionType": "semver" }, { "lessThanOrEqual": "6.2.4", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:10:00.950Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-476", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-476" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiClientEMS version 7.4.0 or above \nPlease upgrade to FortiClientEMS version 7.2.5 or above \nPlease upgrade to FortiClientEMS version 7.0.11 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-23106", "datePublished": "2025-01-14T14:10:00.950Z", "dateReserved": "2024-01-11T16:29:07.978Z", "dateUpdated": "2025-02-18T21:34:28.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35273 (GCVE-0-2024-35273)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Escalation of privilege
Summary
A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiAnalyzer |
Version: 7.4.0 ≤ 7.4.3 cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35273", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:41.659053Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:55:51.137Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:54.379Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-106", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-106" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiProxy version 7.4.5 or above \nPlease upgrade to FortiPAM version 1.3.0 or above \nPlease upgrade to FortiADC version 7.6.0 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-35273", "datePublished": "2025-01-14T14:08:54.379Z", "dateReserved": "2024-05-14T21:15:19.188Z", "dateUpdated": "2025-01-14T20:55:51.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35276 (GCVE-0-2024-35276)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Execute unauthorized code or commands
Summary
A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiAnalyzer |
Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35276", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:20.448933Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:56:14.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:50.740Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-165", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-165" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.0.13 or above \nPlease upgrade to FortiAnalyzer version 6.4.15 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiManager Cloud version 7.2.6 or above \nPlease upgrade to FortiManager Cloud version 7.0.12 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.4 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.6 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.0.12 or above \nPlease upgrade to FortiPortal version 6.0.16 or above \nPlease upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-35276", "datePublished": "2025-01-14T14:08:50.740Z", "dateReserved": "2024-05-14T21:15:19.189Z", "dateUpdated": "2025-01-14T20:56:14.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35277 (GCVE-0-2024-35277)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Improper access control
Summary
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35277", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:56:46.600702Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:56:56.325Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.14", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:54.348Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-135", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-135" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-35277", "datePublished": "2025-01-14T14:09:54.348Z", "dateReserved": "2024-05-14T21:15:19.189Z", "dateUpdated": "2025-01-15T14:56:56.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35278 (GCVE-0-2024-35278)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Information disclosure
Summary
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiPortal |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.8 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35278", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T16:51:08.147833Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T16:51:29.678Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiPortal", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:45.115Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-086", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-086" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiPortal version 7.4.0 or above \nPlease upgrade to FortiPortal version 7.2.5 or above \nPlease upgrade to FortiPortal version 7.0.9 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-35278", "datePublished": "2025-01-14T14:09:45.115Z", "dateReserved": "2024-05-14T21:15:19.190Z", "dateUpdated": "2025-01-14T16:51:29.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-46664 (GCVE-0-2024-46664)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Improper access control
Summary
A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiRecorder |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.4 Version: 6.4.0 ≤ 6.4.5 cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46664", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:05.621685Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:54:26.530Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiRecorder", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.5", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:40.070Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-310", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-310" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiRecorder version 7.2.2 or above \nPlease upgrade to FortiRecorder version 7.0.5 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-46664", "datePublished": "2025-01-14T14:09:40.070Z", "dateReserved": "2024-09-11T12:14:59.204Z", "dateUpdated": "2025-01-14T20:54:26.530Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-46669 (GCVE-0-2024-46669)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Denial of service
Summary
An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.10 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46669", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:26.892124Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:56:51.902Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An\u00a0Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:37.297Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-267", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-267" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiSASE version 24.4.a or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-46669", "datePublished": "2025-01-14T14:08:37.297Z", "dateReserved": "2024-09-11T12:14:59.204Z", "dateUpdated": "2025-01-14T20:56:51.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21758 (GCVE-0-2024-21758)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-02-18 21:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Execute unauthorized code or commands
Summary
A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21758", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T14:31:01.390000Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T21:38:54.103Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiWeb", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:56.939Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-458", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-458" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiWeb version 7.4.2 or above \nPlease upgrade to FortiWeb version 7.2.8 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-21758", "datePublished": "2025-01-14T14:09:56.939Z", "dateReserved": "2024-01-02T10:15:00.526Z", "dateUpdated": "2025-02-18T21:38:54.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-32115 (GCVE-0-2024-32115)
Vulnerability from cvelistv5
Published
2025-01-14 14:10
Modified
2025-02-18 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Execute unauthorized code or commands
Summary
A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.13 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-32115", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T14:15:51.838520Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T21:33:30.403Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:10:01.318Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-097", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-097" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-32115", "datePublished": "2025-01-14T14:10:01.318Z", "dateReserved": "2024-04-11T12:09:46.570Z", "dateUpdated": "2025-02-18T21:33:30.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36510 (GCVE-0-2024-36510)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-204 - Information disclosure
Summary
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiClientEMS |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.13 |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36510", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:50:55.718822Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:51:13.708Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiClientEMS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiSOAR", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.5.0" }, { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.3.2", "status": "affected", "version": "7.3.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.4", "status": "affected", "version": "6.4.3", "versionType": "semver" }, { "lessThanOrEqual": "6.4.1", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-204", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:49.286Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-071", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-071" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiClientEMS version 7.4.1 or above \nPlease upgrade to FortiClientEMS version 7.2.5 or above \nPlease upgrade to FortiSOAR version 7.6.0 or above \nPlease upgrade to FortiSOAR version 7.5.1 or above \nPlease upgrade to FortiSOAR version 7.4.5 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-36510", "datePublished": "2025-01-14T14:09:49.286Z", "dateReserved": "2024-05-29T08:44:50.760Z", "dateUpdated": "2025-01-15T14:51:13.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45331 (GCVE-0-2024-45331)
Vulnerability from cvelistv5
Published
2025-01-16 08:59
Modified
2025-01-16 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Escalation of privilege
Summary
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiAnalyzer |
Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.13 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45331", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-16T14:17:17.440183Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-16T14:19:20.943Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-16T08:59:23.201Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-45331", "datePublished": "2025-01-16T08:59:23.201Z", "dateReserved": "2024-08-27T06:43:07.251Z", "dateUpdated": "2025-01-16T14:19:20.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-46665 (GCVE-0-2024-46665)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Information disclosure
Summary
An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46665", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:36.897456Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:57:35.579Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.6.0" }, { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-201", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:26.784Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-326", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-326" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-46665", "datePublished": "2025-01-14T14:08:26.784Z", "dateReserved": "2024-09-11T12:14:59.204Z", "dateUpdated": "2025-01-14T20:57:35.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-47572 (GCVE-0-2024-47572)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-02-18 21:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1236 - Execute unauthorized code or commands
Summary
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiSOAR |
Version: 7.4.0 ≤ 7.4.1 Version: 7.3.0 ≤ 7.3.2 Version: 7.2.1 ≤ 7.2.2 cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47572", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T14:25:14.521485Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T21:36:45.163Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiSOAR", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.3.2", "status": "affected", "version": "7.3.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.1", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1236", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:59.359Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-210", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-210" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSOAR version 7.4.2 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-47572", "datePublished": "2025-01-14T14:09:59.359Z", "dateReserved": "2024-09-27T16:19:24.136Z", "dateUpdated": "2025-02-18T21:36:45.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-52969 (GCVE-0-2024-52969)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Information disclosure
Summary
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52969", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:11.758765Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:55:36.518Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiSIEM", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.1.7", "status": "affected", "version": "7.1.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.9", "status": "affected", "version": "6.7.0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.5", "status": "affected", "version": "6.6.0", "versionType": "semver" }, { "lessThanOrEqual": "6.5.3", "status": "affected", "version": "6.5.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.4", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:59.640Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-417", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-417" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSIEM version 7.2.0 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-52969", "datePublished": "2025-01-14T14:08:59.640Z", "dateReserved": "2024-11-18T13:36:52.466Z", "dateUpdated": "2025-01-14T20:55:36.518Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-40587 (GCVE-0-2024-40587)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiVoice |
Version: 7.0.0 ≤ 7.0.4 Version: 6.4.0 ≤ 6.4.9 Version: 6.0.0 ≤ 6.0.12 cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-40587", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:24.715853Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:54:17.369Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiVoice", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.9", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.12", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:40.739Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-304", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-304" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.5 or above \nPlease upgrade to FortiVoice version 6.4.10 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-40587", "datePublished": "2025-01-14T14:09:40.739Z", "dateReserved": "2024-07-05T11:55:50.010Z", "dateUpdated": "2025-01-14T20:54:17.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-23439 (GCVE-0-2022-23439)
Vulnerability from cvelistv5
Published
2025-01-22 09:10
Modified
2025-01-22 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-610 - Improper access control
Summary
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
References
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiTester |
Version: 7.2.0 ≤ 7.2.1 Version: 7.1.0 ≤ 7.1.1 Version: 7.0.0 Version: 4.2.0 ≤ 4.2.1 Version: 4.1.0 ≤ 4.1.1 Version: 4.0.0 Version: 3.9.0 ≤ 3.9.2 Version: 3.8.0 Version: 3.7.0 ≤ 3.7.1 Version: 3.6.0 Version: 3.5.0 ≤ 3.5.1 Version: 3.4.0 Version: 3.3.0 ≤ 3.3.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-23439", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T14:21:27.552014Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-22T14:21:36.714Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiTester", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.1.1", "status": "affected", "version": "7.1.0", "versionType": "semver" }, { "status": "affected", "version": "7.0.0" }, { "lessThanOrEqual": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThanOrEqual": "4.1.1", "status": "affected", "version": "4.1.0", "versionType": "semver" }, { "status": "affected", "version": "4.0.0" }, { "lessThanOrEqual": "3.9.2", "status": "affected", "version": "3.9.0", "versionType": "semver" }, { "status": "affected", "version": "3.8.0" }, { "lessThanOrEqual": "3.7.1", "status": "affected", "version": "3.7.0", "versionType": "semver" }, { "status": "affected", "version": "3.6.0" }, { "lessThanOrEqual": "3.5.1", "status": "affected", "version": "3.5.0", "versionType": "semver" }, { "status": "affected", "version": "3.4.0" }, { "lessThanOrEqual": "3.3.1", "status": "affected", "version": "3.3.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "lessThanOrEqual": "7.0.5", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThan": "6.4.*", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiMail", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.8", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.9", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.12", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.12", "status": "affected", "version": "5.4.0", "versionType": "semver" }, { "lessThan": "7.2.*", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiSwitch", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.10", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.8", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.7", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiDDoS-F", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "6.3.3", "status": "affected", "version": "6.3.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.3", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.5", "status": "affected", "version": "6.1.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiRecorder", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "6.4.2", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.10", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.7.7", "status": "affected", "version": "2.7.0", "versionType": "semver" }, { "lessThanOrEqual": "2.6.3", "status": "affected", "version": "2.6.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiNDR", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.1.0" }, { "lessThanOrEqual": "7.0.6", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.5.3", "status": "affected", "version": "1.5.0", "versionType": "semver" }, { "status": "affected", "version": "1.4.0" }, { "lessThanOrEqual": "1.3.1", "status": "affected", "version": "1.3.0", "versionType": "semver" }, { "status": "affected", "version": "1.2.0" }, { "status": "affected", "version": "1.1.0" } ] }, { "cpes": [ "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiADC", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.1", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.3", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.6", "status": "affected", "version": "6.1.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.4", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.5", "status": "affected", "version": "5.4.0", "versionType": "semver" }, { "lessThanOrEqual": "5.3.7", "status": "affected", "version": "5.3.0", "versionType": "semver" }, { "lessThanOrEqual": "5.2.8", "status": "affected", "version": "5.2.0", "versionType": "semver" }, { "lessThanOrEqual": "5.1.7", "status": "affected", "version": "5.1.0", "versionType": "semver" }, { "lessThanOrEqual": "5.0.4", "status": "affected", "version": "5.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiSOAR", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.4", "status": "affected", "version": "6.4.3", "versionType": "semver" }, { "lessThanOrEqual": "6.4.1", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiVoice", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.1", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.8", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.11", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiDDoS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "5.5.1", "status": "affected", "version": "5.5.0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.3", "status": "affected", "version": "5.4.0", "versionType": "semver" }, { "lessThanOrEqual": "5.3.2", "status": "affected", "version": "5.3.0", "versionType": "semver" }, { "status": "affected", "version": "5.2.0" }, { "status": "affected", "version": "5.1.0" }, { "status": "affected", "version": "5.0.0" }, { "status": "affected", "version": "4.7.0" }, { "status": "affected", "version": "4.6.0" }, { "status": "affected", "version": "4.5.0" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiWLC", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "8.6.7", "status": "affected", "version": "8.6.0", "versionType": "semver" }, { "lessThanOrEqual": "8.5.5", "status": "affected", "version": "8.5.0", "versionType": "semver" }, { "lessThanOrEqual": "8.4.8", "status": "affected", "version": "8.4.4", "versionType": "semver" }, { "lessThanOrEqual": "8.4.2", "status": "affected", "version": "8.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiPortal", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "6.0.9", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAuthenticator", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "6.4.1", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.3.3", "status": "affected", "version": "6.3.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.2", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.3", "status": "affected", "version": "6.1.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.8", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "status": "affected", "version": "5.5.0" }, { "lessThanOrEqual": "5.4.1", "status": "affected", "version": "5.4.0", "versionType": "semver" }, { "lessThanOrEqual": "5.3.1", "status": "affected", "version": "5.3.0", "versionType": "semver" }, { "lessThanOrEqual": "5.2.2", "status": "affected", "version": "5.2.0", "versionType": "semver" }, { "lessThanOrEqual": "5.1.2", "status": "affected", "version": "5.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-610", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T09:10:28.669Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-21-254", "url": "https://fortiguard.com/psirt/FG-IR-21-254" } ], "solutions": [ { "lang": "en", "value": "FortiOS\nAdministrative Interface\nPlease upgrade to FortiOS version 7.0.6 and above,\nPlease upgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nPlease upgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter\u00a0interface (port 8008)\nPlease upgrade to FortiProxy version 7.4.0 or above\n\nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.11 or above \nPlease upgrade to FortiNDR version 7.4.0 or above\n\nFortiNDR\nPlease upgrade to FortiNDR version 7.2.1 or above\nPlease upgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set https-redirect-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\nend\n\nFortiADC\nPlease upgrade to FortiADC version 7.1.0 or above\nPlease upgrade to FortiADC version 7.0.2 or above\nPlease upgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nFortiDDOS-F\nPlease upgrade to FortiDDoS-F version 6.4.0 or above\nPlease upgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\" \n\nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiVoice version 7.0.2 or above\nPlease upgrade to FortiVoice version 6.4.9 or above\nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiWLC version 8.6.7 or above \nPlease upgrade to FortiAuthenticator version 6.4.2 or above \nPlease upgrade to FortiAuthenticator version 6.3.4 or above \nPlease upgrade to FortiDDoS version 5.6.0 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiSOAR version 7.3.0 or above \nPlease upgrade to FortiTester version 7.3.0 or above \nPlease upgrade to FortiTester version 7.2.2 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2022-23439", "datePublished": "2025-01-22T09:10:28.669Z", "dateReserved": "2022-01-19T07:38:03.512Z", "dateUpdated": "2025-01-22T14:21:36.714Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-48886 (GCVE-0-2024-48886)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1390 - Execute unauthorized code or commands
Summary
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.15 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48886", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:27.567437Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:54:42.523Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.17", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1390", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:34.647Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-221", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-221" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiAnalyzer version 7.6.2 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.6.2 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.4 or above \nPlease upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiProxy version 7.4.5 or above \nPlease upgrade to FortiProxy version 7.2.11 or above \nPlease upgrade to FortiProxy version 7.0.18 or above \nPlease upgrade to FortiProxy version 2.0.15 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-48886", "datePublished": "2025-01-14T14:09:34.647Z", "dateReserved": "2024-10-09T09:03:09.960Z", "dateUpdated": "2025-01-14T20:54:42.523Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-47566 (GCVE-0-2024-47566)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Execute unauthorized code or commands
Summary
A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiRecorder |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.4 Version: 6.4.0 ≤ 6.4.5 cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47566", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:08.487870Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:54:34.253Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiRecorder", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.5", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:35.726Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-401", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-401" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiRecorder version 7.2.2 or above \nPlease upgrade to FortiRecorder version 7.0.5 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-47566", "datePublished": "2025-01-14T14:09:35.726Z", "dateReserved": "2024-09-27T16:19:24.135Z", "dateUpdated": "2025-01-14T20:54:34.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-42786 (GCVE-0-2023-42786)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - Denial of service
Summary
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.16 Version: 6.4.0 ≤ 6.4.15 Version: 6.2.0 ≤ 6.2.16 Version: 6.0.0 ≤ 6.0.18 cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-42786", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:17.589625Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:56:06.441Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.16", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:51.276Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-293", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-293" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSASE version 23.4.a or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.6 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-42786", "datePublished": "2025-01-14T14:08:51.276Z", "dateReserved": "2023-09-14T08:37:38.657Z", "dateUpdated": "2025-01-14T20:56:06.441Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-48885 (GCVE-0-2024-48885)
Vulnerability from cvelistv5
Published
2025-01-16 09:01
Modified
2025-01-16 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Escalation of privilege
Summary
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiRecorder |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.4 cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* |
||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48885", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-16T14:15:57.157206Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-16T14:16:29.431Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiRecorder", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiWeb", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.6.0" }, { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.3", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiVoice", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.9", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.12", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-16T09:01:52.958Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-259" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiRecorder version 7.2.2 or above \nPlease upgrade to FortiRecorder version 7.0.5 or above \nPlease upgrade to FortiProxy version 7.4.6 or above \nPlease upgrade to FortiProxy version 7.2.12 or above \nPlease upgrade to FortiProxy version 7.0.19 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.5 or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.10 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.5 or above \nPlease upgrade to FortiVoice version 6.4.10 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-48885", "datePublished": "2025-01-16T09:01:52.958Z", "dateReserved": "2024-10-09T09:03:09.960Z", "dateUpdated": "2025-01-16T14:16:29.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-48884 (GCVE-0-2024-48884)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-08-07 14:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Escalation of privilege
Summary
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.9 Version: 7.0.0 ≤ 7.0.15 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48884", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:17:58.698254Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:55:28.999Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.6.0" }, { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.6.1", "status": "affected", "version": "7.6.0", "versionType": "semver" }, { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.1", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.5", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.11", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.18", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-07T14:17:44.186Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-259" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiRecorder version 7.2.2 or above \nPlease upgrade to FortiRecorder version 7.0.5 or above \nPlease upgrade to FortiProxy version 7.4.6 or above \nPlease upgrade to FortiProxy version 7.2.12 or above \nPlease upgrade to FortiProxy version 7.0.19 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.5 or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.10 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiOS version 6.4.16 or above \nPlease upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.5 or above \nPlease upgrade to FortiVoice version 6.4.10 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-48884", "datePublished": "2025-01-14T14:09:26.476Z", "dateReserved": "2024-10-09T09:03:09.960Z", "dateUpdated": "2025-08-07T14:17:44.186Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-46666 (GCVE-0-2024-46666)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-02-18 21:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Denial of service
Summary
An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.10 Version: 7.0.0 ≤ 7.0.16 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46666", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:37:49.718656Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T21:39:30.528Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.6.0" }, { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.16", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:56.935Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-250", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-250" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-46666", "datePublished": "2025-01-14T14:09:56.935Z", "dateReserved": "2024-09-11T12:14:59.204Z", "dateUpdated": "2025-02-18T21:39:30.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-33502 (GCVE-0-2024-33502)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Execute unauthorized code or commands
Summary
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.13 Version: 6.4.0 ≤ 6.4.15 Version: 6.2.0 ≤ 6.2.13 Version: 6.0.0 ≤ 6.0.12 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33502", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:54:07.239273Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:54:27.861Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.12", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.12", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:50.493Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-143", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-143" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-33502", "datePublished": "2025-01-14T14:09:50.493Z", "dateReserved": "2024-04-23T14:18:29.829Z", "dateUpdated": "2025-01-15T14:54:27.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-26012 (GCVE-0-2024-26012)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiAP-S |
Version: 6.4.0 ≤ 6.4.9 Version: 6.2.0 ≤ 6.2.6 cpe:2.3:a:fortinet:fortiap-s:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:* |
||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26012", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:56:09.448550Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:56:20.011Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiap-s:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAP-S", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "6.4.9", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.6", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiAP-W2", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.10", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAP", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.9", "status": "affected", "version": "6.4.3", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:54.124Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-405", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-405" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiAP-S version 6.4.10 or above \nPlease upgrade to FortiAP-W2 version 7.4.3 or above \nPlease upgrade to FortiAP-W2 version 7.2.4 or above \nPlease upgrade to FortiAP version 7.4.3 or above \nPlease upgrade to FortiAP version 7.2.4 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-26012", "datePublished": "2025-01-14T14:09:54.124Z", "dateReserved": "2024-02-14T09:18:43.246Z", "dateUpdated": "2025-01-15T14:56:20.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-37937 (GCVE-0-2023-37937)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiSwitch |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.7 Version: 6.4.0 ≤ 6.4.13 Version: 6.2.0 ≤ 6.2.7 Version: 6.0.0 ≤ 6.0.7 cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-37937", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:36.114892Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:55:14.029Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiSwitch", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.13", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.7", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.7", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:30.314Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-258", "url": "https://fortiguard.com/psirt/FG-IR-23-258" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSwitch version 7.4.1 or above\nPlease upgrade to FortiSwitch version 7.2.6 or above\nPlease upgrade to FortiSwitch version 7.0.8 or above\nPlease upgrade to FortiSwitch version 6.4.14 or above\nPlease upgrade to FortiSwitch version 6.2.8 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-37937", "datePublished": "2025-01-14T14:09:30.314Z", "dateReserved": "2023-07-11T08:16:54.093Z", "dateUpdated": "2025-01-14T20:55:14.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35280 (GCVE-0-2024-35280)
Vulnerability from cvelistv5
Published
2025-01-15 10:07
Modified
2025-01-15 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Execute unauthorized code or commands
Summary
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiDeceptor |
Version: 5.3.0 Version: 5.2.0 Version: 5.1.0 Version: 5.0.0 Version: 4.3.0 Version: 4.2.0 Version: 4.1.0 ≤ 4.1.1 Version: 4.0.0 ≤ 4.0.2 Version: 3.3.0 ≤ 3.3.3 Version: 3.2.0 ≤ 3.2.2 Version: 3.1.0 ≤ 3.1.1 Version: 3.0.0 ≤ 3.0.2 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35280", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:44:56.156689Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:45:11.764Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiDeceptor", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "5.3.0" }, { "status": "affected", "version": "5.2.0" }, { "status": "affected", "version": "5.1.0" }, { "status": "affected", "version": "5.0.0" }, { "status": "affected", "version": "4.3.0" }, { "status": "affected", "version": "4.2.0" }, { "lessThanOrEqual": "4.1.1", "status": "affected", "version": "4.1.0", "versionType": "semver" }, { "lessThanOrEqual": "4.0.2", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThanOrEqual": "3.3.3", "status": "affected", "version": "3.3.0", "versionType": "semver" }, { "lessThanOrEqual": "3.2.2", "status": "affected", "version": "3.2.0", "versionType": "semver" }, { "lessThanOrEqual": "3.1.1", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThanOrEqual": "3.0.2", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-15T10:07:14.953Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiDeceptor version 6.0.0 or above \nPlease upgrade to FortiDeceptor version 5.3.1 or above \nPlease upgrade to FortiDeceptor version 5.2.1 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-35280", "datePublished": "2025-01-15T10:07:14.953Z", "dateReserved": "2024-05-14T21:15:19.190Z", "dateUpdated": "2025-01-15T14:45:11.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-33503 (GCVE-0-2024-33503)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Escalation of privilege
Summary
A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.13 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33503", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:33.256242Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:54:57.869Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:33.613Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-33503", "datePublished": "2025-01-14T14:09:33.613Z", "dateReserved": "2024-04-23T14:18:29.830Z", "dateUpdated": "2025-01-14T20:54:57.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-46667 (GCVE-0-2024-46667)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-02-18 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Denial of service
Summary
A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiSIEM |
Version: 7.1.0 ≤ 7.1.5 Version: 7.0.0 ≤ 7.0.3 Version: 6.7.0 ≤ 6.7.9 Version: 6.6.0 ≤ 6.6.5 Version: 6.5.0 ≤ 6.5.3 Version: 6.4.0 ≤ 6.4.4 Version: 6.3.0 ≤ 6.3.3 Version: 6.2.0 ≤ 6.2.1 Version: 6.1.0 ≤ 6.1.2 Version: 5.4.0 Version: 5.3.0 ≤ 5.3.3 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46667", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T14:27:09.560945Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T21:37:18.364Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiSIEM", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.1.5", "status": "affected", "version": "7.1.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.9", "status": "affected", "version": "6.7.0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.5", "status": "affected", "version": "6.6.0", "versionType": "semver" }, { "lessThanOrEqual": "6.5.3", "status": "affected", "version": "6.5.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.4", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.3.3", "status": "affected", "version": "6.3.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.1", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.2", "status": "affected", "version": "6.1.0", "versionType": "semver" }, { "status": "affected", "version": "5.4.0" }, { "lessThanOrEqual": "5.3.3", "status": "affected", "version": "5.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:58.844Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-164", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-164" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSIEM version 7.2.0 or above \nPlease upgrade to FortiSIEM version 7.1.6 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-46667", "datePublished": "2025-01-14T14:09:58.844Z", "dateReserved": "2024-09-11T12:14:59.204Z", "dateUpdated": "2025-02-18T21:37:18.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-37931 (GCVE-0-2023-37931)
Vulnerability from cvelistv5
Published
2025-01-14 14:10
Modified
2025-02-18 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiVoice |
Version: 7.0.0 ≤ 7.0.1 Version: 6.4.0 ≤ 6.4.8 Version: 6.0.0 ≤ 6.0.12 cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-37931", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T14:20:56.927727Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T21:35:20.264Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiVoice", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.0.1", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.8", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.12", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:10:00.867Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-220", "url": "https://fortiguard.com/psirt/FG-IR-23-220" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-37931", "datePublished": "2025-01-14T14:10:00.867Z", "dateReserved": "2023-07-11T08:16:54.092Z", "dateUpdated": "2025-02-18T21:35:20.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36506 (GCVE-0-2024-36506)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-940 - Improper access control
Summary
An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiClientEMS |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.13 Version: 6.4.7 ≤ 6.4.9 Version: 6.4.0 ≤ 6.4.4 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36506", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:55:35.373852Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:55:47.884Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiClientEMS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.9", "status": "affected", "version": "6.4.7", "versionType": "semver" }, { "lessThanOrEqual": "6.4.4", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-940", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:52.227Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-078", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-078" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiClientEMS version 7.4.1 or above \nPlease upgrade to FortiClientEMS version 7.2.5 or above \nPlease upgrade to FortiSASE version 24.2.c or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-36506", "datePublished": "2025-01-14T14:09:52.227Z", "dateReserved": "2024-05-29T08:44:50.759Z", "dateUpdated": "2025-01-15T14:55:47.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-50564 (GCVE-0-2024-50564)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-321 - Information disclosure
Summary
A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiClientWindows |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.14 Version: 6.4.0 ≤ 6.4.10 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-50564", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:51:55.463826Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:53:40.154Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiClientWindows", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.10", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "Information disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:49.460Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-216", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-216" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiClientWindows version 7.4.1 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-50564", "datePublished": "2025-01-14T14:09:49.460Z", "dateReserved": "2024-10-24T11:52:14.401Z", "dateUpdated": "2025-01-15T14:53:40.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-46670 (GCVE-0-2024-46670)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Denial of service
Summary
An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.9 cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* |
||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46670", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:18:06.282792Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:56:44.074Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.6.0" }, { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.5", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.11", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.18", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "1.4.1", "status": "affected", "version": "1.4.0", "versionType": "semver" }, { "status": "affected", "version": "1.3.0" }, { "status": "affected", "version": "1.2.0" }, { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An\u00a0Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:41.759Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-266", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-266" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSASE version 24.3.c or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.10 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-46670", "datePublished": "2025-01-14T14:08:41.759Z", "dateReserved": "2024-09-11T12:14:59.205Z", "dateUpdated": "2025-01-14T20:56:44.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-47573 (GCVE-0-2024-47573)
Vulnerability from cvelistv5
Published
2025-03-14 15:04
Modified
2025-03-14 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-354 - Denial of service
Summary
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47573", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-14T17:53:14.212011Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-14T17:53:27.052Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiNDR", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.1.1", "status": "affected", "version": "7.1.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.6", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:X/RC:X", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-354", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-14T15:04:55.721Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-461", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-461" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiNDR version 7.4.3 or above \nPlease upgrade to FortiNDR version 7.2.2 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-47573", "datePublished": "2025-03-14T15:04:55.721Z", "dateReserved": "2024-09-27T16:19:24.136Z", "dateUpdated": "2025-03-14T17:53:27.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-48890 (GCVE-0-2024-48890)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48890", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:54:48.634044Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:55:00.652Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiSOAR", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:50.944Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-415", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-415" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSOAR version 7.5.1 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-48890", "datePublished": "2025-01-14T14:09:50.944Z", "dateReserved": "2024-10-09T09:03:09.962Z", "dateUpdated": "2025-01-15T14:55:00.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36504 (GCVE-0-2024-36504)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-02-18 21:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Denial of service
Summary
An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.16 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36504", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T14:29:08.113154Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T21:38:19.515Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.16", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:58.824Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-473", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-473" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-36504", "datePublished": "2025-01-14T14:09:58.824Z", "dateReserved": "2024-05-29T08:44:50.759Z", "dateUpdated": "2025-02-18T21:38:19.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-4863 (GCVE-0-2023-4863)
Vulnerability from cvelistv5
Published
2023-09-12 14:24
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Heap buffer overflow
Summary
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-19T07:48:10.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html" }, { "tags": [ "x_transferred" ], "url": "https://crbug.com/1479274" }, { "tags": [ "x_transferred" ], "url": "https://en.bandisoft.com/honeyview/history/" }, { "tags": [ "x_transferred" ], "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37478403" }, { "tags": [ "x_transferred" ], "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5496" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5497" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5498" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-05" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "tags": [ "x_transferred" ], "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4" }, { "tags": [ "x_transferred" ], "url": "https://blog.isosceles.com/the-webp-0day/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230929-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "tags": [ "x_transferred" ], "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16" }, { "tags": [ "x_transferred" ], "url": "https://www.bentley.com/advisories/be-2023-0001/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-10" }, { "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-4863", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-11-28T05:00:18.341149Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2023-09-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:37:17.753Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2023-09-13T00:00:00+00:00", "value": "CVE-2023-4863 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "116.0.5845.187", "status": "affected", "version": "116.0.5845.187", "versionType": "custom" } ] }, { "product": "libwebp", "vendor": "Google", "versions": [ { "lessThan": "1.3.2", "status": "affected", "version": "1.3.2", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)" } ], "problemTypes": [ { "descriptions": [ { "description": "Heap buffer overflow", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-07T11:07:27.027Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html" }, { "url": "https://crbug.com/1479274" }, { "url": "https://en.bandisoft.com/honeyview/history/" }, { "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/" }, { "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/" }, { "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a" }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863" }, { "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231" }, { "url": "https://news.ycombinator.com/item?id=37478403" }, { "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/" }, { "url": "https://www.debian.org/security/2023/dsa-5496" }, { "url": "https://www.debian.org/security/2023/dsa-5497" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/" }, { "url": "https://www.debian.org/security/2023/dsa-5498" }, { "url": "https://security.gentoo.org/glsa/202309-05" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/" }, { "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4" }, { "url": "https://blog.isosceles.com/the-webp-0day/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4" }, { "url": "https://security.netapp.com/advisory/ntap-20230929-0011/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16" }, { "url": "https://www.bentley.com/advisories/be-2023-0001/" }, { "url": "https://security.gentoo.org/glsa/202401-10" } ] } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2023-4863", "datePublished": "2023-09-12T14:24:59.275Z", "dateReserved": "2023-09-09T01:02:58.312Z", "dateUpdated": "2025-07-30T01:37:17.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-50563 (GCVE-0-2024-50563)
Vulnerability from cvelistv5
Published
2025-01-16 09:16
Modified
2025-01-16 14:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1390 - Execute unauthorized code or commands
Summary
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiAnalyzer |
Version: 7.6.0 ≤ 7.6.1 Version: 7.4.1 ≤ 7.4.3 cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-50563", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-16T14:14:02.872070Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-16T14:14:17.790Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.6.1", "status": "affected", "version": "7.6.0", "versionType": "semver" }, { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.1", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.6.1", "status": "affected", "version": "7.6.0", "versionType": "semver" }, { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.1", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1390", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-16T09:16:52.864Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-221", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-221" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiAnalyzer version 7.6.2 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.6.2 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.4 or above \nPlease upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiProxy version 7.4.5 or above \nPlease upgrade to FortiProxy version 7.2.11 or above \nPlease upgrade to FortiProxy version 7.0.18 or above \nPlease upgrade to FortiProxy version 2.0.15 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-50563", "datePublished": "2025-01-16T09:16:52.864Z", "dateReserved": "2024-10-24T11:52:14.401Z", "dateUpdated": "2025-01-16T14:14:17.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-37936 (GCVE-0-2023-37936)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-321 - Execute unauthorized code or commands
Summary
A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiSwitch |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.7 Version: 6.4.0 ≤ 6.4.13 Version: 6.2.0 ≤ 6.2.7 Version: 6.0.0 ≤ 6.0.7 cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-37936", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:18:43.351489Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:55:06.579Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiSwitch", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.7", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.13", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.7", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.7", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:30.417Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-260", "url": "https://fortiguard.com/psirt/FG-IR-23-260" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSwitch version 7.4.1 or above\nPlease upgrade to FortiSwitch version 7.2.6 or above\nPlease upgrade to FortiSwitch version 7.0.8 or above\nPlease upgrade to FortiSwitch version 6.4.14 or above\nPlease upgrade to FortiSwitch version 6.2.8 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-37936", "datePublished": "2025-01-14T14:09:30.417Z", "dateReserved": "2023-07-11T08:16:54.093Z", "dateUpdated": "2025-01-14T20:55:06.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-47571 (GCVE-0-2024-47571)
Vulnerability from cvelistv5
Published
2025-01-14 14:10
Modified
2025-02-18 21:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-672 - Improper access control
Summary
An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 Version: 7.2.3 Version: 7.0.7 ≤ 7.0.8 Version: 6.4.12 cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47571", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T14:23:18.623557Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T21:36:03.768Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "status": "affected", "version": "7.2.3" }, { "lessThanOrEqual": "7.0.8", "status": "affected", "version": "7.0.7", "versionType": "semver" }, { "status": "affected", "version": "6.4.12" } ] } ], "descriptions": [ { "lang": "en", "value": "An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-672", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:10:00.156Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-239", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-239" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.9 or above \nPlease upgrade to FortiManager version 6.4.13 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-47571", "datePublished": "2025-01-14T14:10:00.156Z", "dateReserved": "2024-09-27T16:19:24.136Z", "dateUpdated": "2025-02-18T21:36:03.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-48893 (GCVE-0-2024-48893)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Execute unauthorized code or commands
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiSOAR |
Version: 7.3.0 ≤ 7.3.3 Version: 7.2.1 ≤ 7.2.2 cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48893", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:52.295434Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:57:27.993Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiSOAR", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.3.3", "status": "affected", "version": "7.3.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.1", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:29.839Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-405", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-405" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSOAR version 7.4.0 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-48893", "datePublished": "2025-01-14T14:08:29.839Z", "dateReserved": "2024-10-09T09:03:09.963Z", "dateUpdated": "2025-01-14T20:57:27.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-46662 (GCVE-0-2024-46662)
Vulnerability from cvelistv5
Published
2025-03-14 15:03
Modified
2025-03-15 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Escalation of privilege
Summary
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafted packets
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.1 ≤ 7.4.3 cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46662", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-14T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-15T03:55:27.259Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.1", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafted packets" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-14T15:03:27.830Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-222", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-222" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-46662", "datePublished": "2025-03-14T15:03:27.830Z", "dateReserved": "2024-09-11T12:14:59.203Z", "dateUpdated": "2025-03-15T03:55:27.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-56497 (GCVE-0-2024-56497)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiMail |
Version: 7.2.0 ≤ 7.2.4 Version: 7.0.0 ≤ 7.0.6 Version: 6.4.0 ≤ 6.4.7 cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-56497", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:38.876441Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:55:21.625Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiMail", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.6", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.7", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiRecorder", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.0.0" }, { "lessThanOrEqual": "6.4.4", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:27.433Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-170", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-170" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiMail version 7.4.0 or above \nPlease upgrade to FortiMail version 7.2.5 or above \nPlease upgrade to FortiMail version 7.0.7 or above \nPlease upgrade to FortiMail version 6.4.8 or above \nPlease upgrade to FortiRecorder version 7.2.0 or above \nPlease upgrade to FortiRecorder version 7.0.2 or above \nPlease upgrade to FortiRecorder version 6.4.5 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-56497", "datePublished": "2025-01-14T14:09:27.433Z", "dateReserved": "2024-12-26T15:39:07.871Z", "dateUpdated": "2025-01-14T20:55:21.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-52963 (GCVE-0-2024-52963)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Denial of service
Summary
A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.5 Version: 7.2.0 ≤ 7.2.13 Version: 7.0.0 ≤ 7.0.20 Version: 2.0.0 ≤ 2.0.14 |
||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52963", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:33.947500Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:57:21.296Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.5", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.13", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.20", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.6.0" }, { "lessThanOrEqual": "7.4.6", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.16", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "1.4.2", "status": "affected", "version": "1.4.0", "versionType": "semver" }, { "lessThanOrEqual": "1.3.1", "status": "affected", "version": "1.3.0", "versionType": "semver" }, { "status": "affected", "version": "1.2.0" }, { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:W/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Denial of service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:31.001Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-373", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-373" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.6.1 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-52963", "datePublished": "2025-01-14T14:08:31.001Z", "dateReserved": "2024-11-18T13:36:52.465Z", "dateUpdated": "2025-01-14T20:57:21.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-35275 (GCVE-0-2024-35275)
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Escalation of privilege
Summary
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35275", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:16:44.327500Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:56:22.260Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiAnalyzer", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "Escalation of privilege", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:08:49.273Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-091", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-091" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-35275", "datePublished": "2025-01-14T14:08:49.273Z", "dateReserved": "2024-05-14T21:15:19.188Z", "dateUpdated": "2025-01-14T20:56:22.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-54021 (GCVE-0-2024-54021)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-08-06 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-113 - Execute unauthorized code or commands
Summary
An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.8 cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* |
|||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-54021", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:49:26.902314Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:49:47.028Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.6.0" }, { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] }, { "cpes": [], "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.5", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.11", "status": "affected", "version": "7.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027http response splitting\u0027) vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:F/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-113", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-06T18:04:37.181Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-282", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-282" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiSASE version 24.3.c or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.4.6 or above \nPlease upgrade to FortiProxy version 7.2.12 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-54021", "datePublished": "2025-01-14T14:09:48.859Z", "dateReserved": "2024-11-27T15:20:39.890Z", "dateUpdated": "2025-08-06T18:04:37.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-52967 (GCVE-0-2024-52967)
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Execute unauthorized code or commands
Summary
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiPortal |
Version: 6.0.0 ≤ 6.0.14 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52967", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-14T15:15:02.667293Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-14T20:54:08.452Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [], "defaultStatus": "unaffected", "product": "FortiPortal", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "6.0.14", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-14T14:09:44.113Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-211", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-211" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiPortal version 6.0.15 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-52967", "datePublished": "2025-01-14T14:09:44.113Z", "dateReserved": "2024-11-18T13:36:52.465Z", "dateUpdated": "2025-01-14T20:54:08.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…