FortiOS

Description

Product name

fortios

CVE-2024-26013 (GCVE-0-2024-26013)

Vulnerability from – Published: 2025-04-08 14:03 – Updated: 2025-04-09 04:00
VLAI?
Summary
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device
Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
CWE
  • CWE-923 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.15 (semver)
Affected: 2.0.0 , ≤ 2.0.14 (semver)
Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.11 (semver)
Affected: 6.4.0 , ≤ 6.4.14 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.2.0 , ≤ 7.2.7 (semver)
Affected: 7.0.0 , ≤ 7.0.14 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.16 (semver)
    cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T04:00:42.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.14",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.14",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.16",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-923",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T14:03:49.230Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-046",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-046"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.10 or above \nPlease upgrade to FortiProxy version 7.0.16 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiOS version 6.2.17 or above \nPlease upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.3 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSASE version 23.1 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.12 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager version 6.2.14 or above \nPlease upgrade to FortiWeb version 7.6.0 or above \nPlease upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.5 or above \nPlease upgrade to FortiAnalyzer version 7.0.12 or above \nPlease upgrade to FortiAnalyzer version 6.4.15 or above \nPlease upgrade to FortiAnalyzer version 6.2.14 or above \nPlease upgrade to FortiGate Cloud version 24.5 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-26013",
    "datePublished": "2025-04-08T14:03:49.230Z",
    "dateReserved": "2024-02-14T09:18:43.246Z",
    "dateUpdated": "2025-04-09T04:00:42.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37930 (GCVE-0-2023-37930)

Vulnerability from – Published: 2025-04-08 14:03 – Updated: 2025-04-09 04:00
VLAI?
Summary
Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 through 6.4.14 and Fortinet FortiProxy SSL VPN webmode version 7.2.0 through 7.2.6 and version 7.0.0 through 7.0.12 allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE
  • CWE-908 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiOS Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.5 (semver)
Affected: 7.0.1 , ≤ 7.0.11 (semver)
Affected: 6.4.7 , ≤ 6.4.14 (semver)
    cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiProxy Affected: 7.2.0 , ≤ 7.2.6 (semver)
Affected: 7.0.0 , ≤ 7.0.12 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T04:00:40.351Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.6",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.12",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 through 6.4.14 and Fortinet FortiProxy SSL VPN webmode version 7.2.0 through 7.2.6 and version 7.0.0 through 7.0.12 allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-908",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T14:03:38.016Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-165",
          "url": "https://fortiguard.com/psirt/FG-IR-23-165"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.4.1 or above\r\nPlease upgrade to FortiOS version 7.2.6 or above\r\nPlease upgrade to FortiOS version 7.0.13 or above\r\nPlease upgrade to FortiOS version 6.4.15 or above\r\nPlease upgrade to FortiOS version 6.4.14 or above\r\nPlease upgrade to FortiProxy version 7.4.0 or above\r\nPlease upgrade to FortiProxy version 7.2.7 or above\r\nPlease upgrade to FortiProxy version 7.0.13 or above\r\n\r\nFortiSASE is no longer impacted, issue remediated Q3/23\r\n\r\n## Workaround:\r\n\r\n\r\nDisable SSLVPN webmode.\r\n\r\nAlternatively, please use SSLVPN tunnel mode, IPsec (tunnel) or ZTNA (web access).\r\n\r\nhttps://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-SSL-VPN-Web-Mode-or-Tunnel-Mode-in/ta-p/217990\r\n\r\nhttps://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/45836/ssl-vpn-to-ipsec-vpn\r\n\r\nhttps://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/78050/migrating-from-ssl-vpn-to-ztna"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-37930",
    "datePublished": "2025-04-08T14:03:38.016Z",
    "dateReserved": "2023-07-11T08:16:54.092Z",
    "dateUpdated": "2025-04-09T04:00:40.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50565 (GCVE-0-2024-50565)

Vulnerability from – Published: 2025-04-08 14:03 – Updated: 2025-04-08 14:22
VLAI?
Summary
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device
Severity ?
3 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C
CWE
  • CWE-300 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.4 (semver)
Affected: 7.2.0 , ≤ 7.2.8 (semver)
Affected: 7.0.0 , ≤ 7.0.15 (semver)
Affected: 6.4.0 , ≤ 6.4.16 (semver)
Affected: 6.2.0 , ≤ 6.2.16 (semver)
    cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiVoice Affected: 7.0.0 , ≤ 7.0.2 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.0.0 , ≤ 6.0.12 (semver)
    cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiWeb Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.11 (semver)
Affected: 7.0.0 , ≤ 7.0.11 (semver)
Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.11 (semver)
Affected: 6.4.0 , ≤ 6.4.14 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50565",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T14:22:39.875619Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T14:22:56.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.8",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.16",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiWeb",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.11",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-300",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T14:03:51.519Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-046",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-046"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.10 or above \nPlease upgrade to FortiProxy version 7.0.16 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiOS version 6.2.17 or above \nPlease upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.3 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSASE version 23.1 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.12 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager version 6.2.14 or above \nPlease upgrade to FortiWeb version 7.6.0 or above \nPlease upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.5 or above \nPlease upgrade to FortiAnalyzer version 7.0.12 or above \nPlease upgrade to FortiAnalyzer version 6.4.15 or above \nPlease upgrade to FortiAnalyzer version 6.2.14 or above \nPlease upgrade to FortiGate Cloud version 24.5 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-50565",
    "datePublished": "2025-04-08T14:03:51.519Z",
    "dateReserved": "2024-10-24T11:52:14.401Z",
    "dateUpdated": "2025-04-08T14:22:56.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-25610 (GCVE-0-2023-25610)

Vulnerability from – Published: 2025-03-24 15:39 – Updated: 2025-03-24 18:42
VLAI?
Summary
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Severity ?
9.3 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
CWE
  • CWE-124 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSwitchManager Affected: 7.2.0 , ≤ 7.2.1 (semver)
Affected: 7.0.0 , ≤ 7.0.1 (semver)
Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.2.0
Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 6.4.0 , ≤ 6.4.11 (semver)
Affected: 6.2.0 , ≤ 6.2.10 (semver)
Affected: 6.0.0 , ≤ 6.0.11 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiOS-6K7K Affected: 7.0.5
Affected: 6.4.10
Affected: 6.4.8
Affected: 6.4.6
Affected: 6.4.2
Affected: 6.2.9 , ≤ 6.2.12 (semver)
Affected: 6.2.6 , ≤ 6.2.7 (semver)
Affected: 6.2.4
Affected: 6.0.12 , ≤ 6.0.18 (semver)
Affected: 6.0.10
Create a notification for this product.
    Fortinet FortiProxy Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Affected: 2.0.0 , ≤ 2.0.14 (semver)
Affected: 1.2.0 , ≤ 1.2.13 (semver)
Affected: 1.1.0 , ≤ 1.1.6 (semver)
Create a notification for this product.
    Fortinet FortiOS Affected: 7.2.0 , ≤ 7.2.3 (semver)
Affected: 7.0.0 , ≤ 7.0.9 (semver)
Affected: 6.4.0 , ≤ 6.4.11 (semver)
Affected: 6.2.0 , ≤ 6.2.12 (semver)
Affected: 6.0.0 , ≤ 6.0.18 (semver)
Affected: 5.6.0 , ≤ 5.6.14 (semver)
Affected: 5.4.0 , ≤ 5.4.13 (semver)
Affected: 5.2.0 , ≤ 5.2.15 (semver)
Affected: 5.0.0 , ≤ 5.0.14 (semver)
    cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiManager Affected: 7.2.0
Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 6.4.0 , ≤ 6.4.11 (semver)
Affected: 6.2.0 , ≤ 6.2.10 (semver)
Affected: 6.0.0 , ≤ 6.0.11 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiWeb Affected: 7.2.0 , ≤ 7.2.1 (semver)
Affected: 7.0.0 , ≤ 7.0.6 (semver)
Affected: 6.4.0 , ≤ 6.4.2 (semver)
Affected: 6.3.0 , ≤ 6.3.22 (semver)
Affected: 6.2.0 , ≤ 6.2.7 (semver)
Affected: 6.1.0 , ≤ 6.1.3 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25610",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-24T16:26:39.771566Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-24T18:42:44.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiSwitchManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.10",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiOS-6K7K",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.4.10"
            },
            {
              "status": "affected",
              "version": "6.4.8"
            },
            {
              "status": "affected",
              "version": "6.4.6"
            },
            {
              "status": "affected",
              "version": "6.4.2"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.7",
              "status": "affected",
              "version": "6.2.6",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "6.2.4"
            },
            {
              "lessThanOrEqual": "6.0.18",
              "status": "affected",
              "version": "6.0.12",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "6.0.10"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.14",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.13",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.6",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.14",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.13",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.15",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.14",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.10",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiWeb",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.2",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.22",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.7",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.3",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer underwrite (\u0027buffer underflow\u0027) vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-124",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-24T15:39:48.167Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-001",
          "url": "https://fortiguard.com/psirt/FG-IR-23-001"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above\r\nPlease upgrade to FortiOS version 6.2.13 or above\r\nPlease upgrade to FortiWeb version 7.2.2 or above\r\nPlease upgrade to FortiWeb version 7.0.7 or above\r\nPlease upgrade to FortiWeb version 6.4.3 or above\r\nPlease upgrade to FortiWeb version 6.3.23 or above\r\nPlease upgrade to FortiWeb version 6.2.8 or above\r\nPlease upgrade to FortiWeb version 6.1.4 or above\r\nPlease upgrade to upcoming FortiOS version 6.0.17 or above\r\nPlease upgrade to FortiSwitchManager version 7.2.2 or above\r\nPlease upgrade to FortiSwitchManager version 7.0.2 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above\r\nPlease upgrade to FortiManager version 7.2.1 or above\r\nPlease upgrade to FortiManager version 7.0.5 or above\r\nPlease upgrade to FortiManager version 6.4.12 or above\r\nPlease upgrade to FortiManager version 6.2.11 or above\r\nPlease upgrade to FortiManager version 6.0.12 or above\r\nPlease upgrade to FortiOS-6K7K version 7.0.10 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.13 or above\r\nPlease upgrade to FortiAnalyzer version 7.2.1 or above\r\nPlease upgrade to FortiAnalyzer version 7.0.5 or above\r\nPlease upgrade to FortiAnalyzer version 6.4.12 or above\r\nPlease upgrade to FortiAnalyzer version 6.2.11 or above\r\nPlease upgrade to FortiAnalyzer version 6.0.12 or above\r\n\r\n\r\n## Workaround for FortiOS:\r\n\r\n\r\n\r\nDisable HTTP/HTTPS administrative interface\r\n\r\nOR\r\n\r\nLimit IP addresses that can reach the administrative interface:\r\n\r\n\r\n```\r\nconfig firewall address\r\nedit my_allowed_addresses\r\nset subnet Y IP MY SUBNET\r\nend\r\n```\r\n\r\nThen create an Address Group:\r\n\r\n\r\n```\r\nconfig firewall addrgrp\r\nedit MGMT_IPs\r\nset member my_allowed_addresses\r\nend\r\n```\r\n\r\nCreate the Local in Policy to restrict access only to the predefined group on management interface (here: port1):\r\n\r\n\r\n```\r\nconfig firewall local-in-policy\r\nedit 1\r\nset intf port1\r\nset srcaddr MGMT_IPs\r\nset dstaddr all\r\nset action accept\r\nset service HTTPS HTTP\r\nset schedule always\r\nset status enable\r\nnext\r\n\r\n\r\n\r\nedit 2\r\nset intf any\r\nset srcaddr all\r\nset dstaddr all\r\nset action deny\r\nset service HTTPS HTTP\r\nset schedule always\r\nset status enable\r\nend\r\n```\r\n\r\n\r\nIf using non default ports, create appropriate service object for GUI administrative access:\r\n\r\n```\r\nconfig firewall service custom\r\nedit GUI_HTTPS\r\nset tcp-portrange admin-sport\r\nnext\r\nedit GUI_HTTP\r\nset tcp-portrange admin-port\r\nend\r\n```\r\n\r\n\r\nUse these objects instead of \"HTTPS HTTP\" in the local-in policy 1 and 2 below.\r\n\r\n\r\nWhen using an HA reserved management interface, the local in policy needs to be configured slightly differently - please see: \r\n\r\nhttps://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-a-local-in-policy-on-a-HA/ta-p/222005\r\n\r\nPlease contact customer support for assistance.\r\n\r\n\r\n## Workaround for FortiManager and FortiAnalyzer:\r\n\r\n\r\nLimit IP addresses that can reach the administrative interface\r\n\r\n\r\n## Workaround for FortiWeb:\r\n\r\n\r\n\r\nDisable HTTP/HTTPS administrative interface\r\n\r\nOR\r\n\r\nLimit IP addresses that can reach the administrative interface"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-25610",
    "datePublished": "2025-03-24T15:39:48.167Z",
    "dateReserved": "2023-02-08T13:42:03.367Z",
    "dateUpdated": "2025-03-24T18:42:44.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-16151 (GCVE-0-2019-16151)

Vulnerability from – Published: 2025-03-21 16:02 – Updated: 2025-03-21 16:22
VLAI?
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context. This happens when the FortiGate has web filtering and category override enabled/configured.
Severity ?
4.7 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:X/RC:X
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiOS Affected: 6.4.0 , ≤ 6.4.1 (semver)
Affected: 6.2.0 , ≤ 6.2.9 (semver)
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-16151",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T16:21:55.938349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T16:22:17.554Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted \"Host\" header or to execute JavaScript code in the victim\u0027s browser context.\r\nThis happens when the FortiGate has web filtering and category override enabled/configured."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-21T16:02:01.913Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/advisory/FG-IR-19-301",
          "url": "https://fortiguard.com/advisory/FG-IR-19-301"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 6.4.2 or above.\n\r\nPlease upgrade to FortiOS version 6.2.10 or above."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2019-16151",
    "datePublished": "2025-03-21T16:02:01.913Z",
    "dateReserved": "2019-09-09T00:00:00.000Z",
    "dateUpdated": "2025-03-21T16:22:17.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6697 (GCVE-0-2019-6697)

Vulnerability from – Published: 2025-03-17 13:40 – Updated: 2025-03-17 17:56
VLAI?
Summary
An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site Scripting attack (XSS) by sending a crafted DHCP packet.
Severity ?
5.2 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:X
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiOS Affected: 6.2.0 , ≤ 6.2.1 (semver)
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-6697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-17T14:19:08.113504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-17T17:56:56.460Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.2.1",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site Scripting attack (XSS) by sending a crafted DHCP packet."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T13:40:57.520Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/advisory/FG-IR-19-184",
          "url": "https://fortiguard.com/advisory/FG-IR-19-184"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 6.2.2 and above.\n\r\nPlease upgrade to FortiOS version 6.0.7 and above."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2019-6697",
    "datePublished": "2025-03-17T13:40:57.520Z",
    "dateReserved": "2019-01-23T00:00:00.000Z",
    "dateUpdated": "2025-03-17T17:56:56.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15706 (GCVE-0-2019-15706)

Vulnerability from – Published: 2025-03-17 13:05 – Updated: 2025-03-17 13:53
VLAI?
Summary
An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS).
Severity ?
4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiProxy Affected: 2.0.0
Affected: 1.2.0 , ≤ 1.2.9 (semver)
Create a notification for this product.
    Fortinet FortiOS Affected: 6.2.0 , ≤ 6.2.1 (semver)
Affected: 6.0.0 , ≤ 6.0.8 (semver)
Affected: 5.6.12
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-15706",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-17T13:53:23.673713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-17T13:53:31.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "lessThanOrEqual": "1.2.9",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.2.1",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.8",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.6.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T13:05:08.965Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-19-223",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-19-223"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiProxy version 2.0.1 or above. Please upgrade to FortiProxy version 1.2.10 or above."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2019-15706",
    "datePublished": "2025-03-17T13:05:08.965Z",
    "dateReserved": "2019-08-27T00:00:00.000Z",
    "dateUpdated": "2025-03-17T13:53:31.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-29010 (GCVE-0-2020-29010)

Vulnerability from – Published: 2025-03-17 13:06 – Updated: 2025-03-17 13:32
VLAI?
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP address.
Severity ?
4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:X
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiOS Affected: 6.2.1 , ≤ 6.2.4 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-29010",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-17T13:32:32.365720Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-17T13:32:38.996Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.2.4",
              "status": "affected",
              "version": "6.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by  executing \"get vpn ssl monitor\" from the CLI. The sensitive data includes usernames, user groups, and IP address."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T13:06:16.993Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-20-103",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-103"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiGate version 6.0.11 or above. \r\nPlease upgrade to FortiGate version 6.2.5 or above.\r\nPlease upgrade to FortiGate version 6.4.2 or above."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2020-29010",
    "datePublished": "2025-03-17T13:06:16.993Z",
    "dateReserved": "2020-11-24T00:00:00.000Z",
    "dateUpdated": "2025-03-17T13:32:38.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26006 (GCVE-0-2024-26006)

Vulnerability from – Published: 2025-03-14 09:24 – Updated: 2025-03-15 03:55
VLAI?
Summary
An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server.
Severity ?
6.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.16 (semver)
Create a notification for this product.
    Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.2.0 , ≤ 7.2.7 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
    cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-15T03:55:20.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.16",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T09:24:56.620Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-485",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-485"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiProxy version 7.4.4 or above \nPlease upgrade to FortiProxy version 7.2.10 or above \nPlease upgrade to FortiProxy version 7.0.17 or above \nPlease upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.14 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-26006",
    "datePublished": "2025-03-14T09:24:56.620Z",
    "dateReserved": "2024-02-14T09:18:43.245Z",
    "dateUpdated": "2025-03-15T03:55:20.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46666 (GCVE-0-2024-46666)

Vulnerability from – Published: 2025-01-14 14:09 – Updated: 2025-02-18 21:39
VLAI?
Summary
An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.
Severity ?
4.8 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiOS Affected: 7.6.0
Affected: 7.4.0 , ≤ 7.4.4 (semver)
Affected: 7.2.0 , ≤ 7.2.10 (semver)
Affected: 7.0.0 , ≤ 7.0.16 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
    cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46666",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T17:37:49.718656Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T21:39:30.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.10",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.16",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:56.935Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-250",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-250"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-46666",
    "datePublished": "2025-01-14T14:09:56.935Z",
    "dateReserved": "2024-09-11T12:14:59.204Z",
    "dateUpdated": "2025-02-18T21:39:30.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

displaying 71 - 80 organizations in total 268