Search criteria
39 vulnerabilities found for fortiisolator by fortinet
CERTFR-2025-AVI-0871
Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiDLP | FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x | ||
| Fortinet | FortiADC | FortiADC toutes versions 6.2.x et 7.0.x | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiTester | FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.0.7 à 6.0.12 | ||
| Fortinet | FortiClient | FortiClientMac toutes versions 7.0.x | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise toutes versions 7.3.x et 7.4.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiPAM | FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x | ||
| Fortinet | FortiSRA | FortiSRA versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiWeb | FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiDLP | FortiDLP versions 12.2.x et antérieures à 12.2.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiNDR | FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiManager | FortiManager Cloud toutes versions 6.4.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiSIEM | FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiSRA | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiClient | FortiClientWindows toutes versions 7.0.x | ||
| Fortinet | FortiIsolator | FortiIsolator versions 2.4.x antérieures à 2.4.5 | ||
| Fortinet | FortiTester | FortiTester version 7.4 antérieures à 7.4.3 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.10 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiOS | FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiIsolator | FortiIsolator toutes versions 2.3.x | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.5 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud toutes versions 6.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.14 | ||
| Fortinet | FortiManager | FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 6.2.x et 7.0.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud toutes versions 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester version 7.4 ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator toutes versions 2.3.x",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud toutes versions 6.4.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
},
{
"name": "CVE-2025-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
},
{
"name": "CVE-2025-31365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
},
{
"name": "CVE-2025-49201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
},
{
"name": "CVE-2025-54822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
},
{
"name": "CVE-2025-57741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
},
{
"name": "CVE-2025-58903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
},
{
"name": "CVE-2025-31514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
},
{
"name": "CVE-2025-25253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
},
{
"name": "CVE-2024-33507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
},
{
"name": "CVE-2025-25255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
},
{
"name": "CVE-2023-46718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
},
{
"name": "CVE-2025-47890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-26008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
},
{
"name": "CVE-2025-25252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
},
{
"name": "CVE-2024-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
},
{
"name": "CVE-2025-59921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
},
{
"name": "CVE-2025-53951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
},
{
"name": "CVE-2025-53950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
},
{
"name": "CVE-2025-58324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
},
{
"name": "CVE-2025-53845",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
},
{
"name": "CVE-2024-50571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
},
{
"name": "CVE-2025-46774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
},
{
"name": "CVE-2025-31366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
},
{
"name": "CVE-2025-57716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
},
{
"name": "CVE-2024-47569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
},
{
"name": "CVE-2025-22258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
},
{
"name": "CVE-2025-57740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
},
{
"name": "CVE-2025-54973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
},
{
"name": "CVE-2025-54658",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0871",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
}
]
}
CERTFR-2025-AVI-0575
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.4.7 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x et antérieures à 7.2.12 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.2.7 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.6.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions antérieures à 7.4.7 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.11 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.2.11 | ||
| Fortinet | FortiIsolator | FortiIsolator versions antérieures à 2.4.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.5 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.x antérieures à 7.4.9 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.4.7 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x et ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions ant\u00e9rieures \u00e0 2.4.5",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-52965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52965"
},
{
"name": "CVE-2025-25257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25257"
},
{
"name": "CVE-2025-24474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24474"
},
{
"name": "CVE-2024-32124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32124"
},
{
"name": "CVE-2024-55599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55599"
},
{
"name": "CVE-2025-24477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24477"
},
{
"name": "CVE-2024-27779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27779"
},
{
"name": "CVE-2025-47856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47856"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0575",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-511",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-511"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-026",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-026"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-035",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-035"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-151",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-151"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-045",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-045"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-437",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-437"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-250",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-250"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-053",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-053"
}
]
}
CERTFR-2025-AVI-0293
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.14 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.4.7 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.17 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 6.4.15 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiClient | FortiClientEMS versions antérieures à 7.4.3 | ||
| Fortinet | FortiManager | FortiManager versions 6.2.x antérieures à 6.2.14 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.6 pour la vulnérabilité CVE-2024-32122 | ||
| Fortinet | FortiVoice | FortiVoice versions antérieures à 6.4.9 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.16 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.14 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiIsolator | FortiIsolator versions postérieures à 2.4.3 et antérieures à 2.4.7 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.0.16 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.2.x antérieures à 6.2.14 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.10 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.17",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.6 pour la vuln\u00e9rabilit\u00e9 CVE-2024-32122",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions post\u00e9rieures \u00e0 2.4.3 et ant\u00e9rieures \u00e0 2.4.7",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.14",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-46671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46671"
},
{
"name": "CVE-2024-32122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32122"
},
{
"name": "CVE-2024-50565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50565"
},
{
"name": "CVE-2024-26013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26013"
},
{
"name": "CVE-2024-54025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54025"
},
{
"name": "CVE-2024-48887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48887"
},
{
"name": "CVE-2025-22855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22855"
},
{
"name": "CVE-2024-52962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52962"
},
{
"name": "CVE-2023-37930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37930"
},
{
"name": "CVE-2025-25254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25254"
},
{
"name": "CVE-2024-54024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54024"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0293",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-474",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-474"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-435",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-435"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-165",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-165"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-184",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-184"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-111",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-111"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-453",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-453"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-344",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-344"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-046",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-046"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-392",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-392"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-397",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-397"
}
]
}
FKIE_CVE-2024-33507
Vulnerability from fkie_nvd - Published: 2025-10-14 16:15 - Updated: 2025-10-15 17:38
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-062 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiisolator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D702E5B-2D94-48AF-94E4-E20A42BA7A06",
"versionEndExcluding": "2.4.5",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie."
}
],
"id": "CVE-2024-33507",
"lastModified": "2025-10-15T17:38:33.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-14T16:15:34.980",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-062"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-32124
Vulnerability from fkie_nvd - Published: 2025-07-18 08:15 - Updated: 2025-07-22 17:08
Severity ?
Summary
An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-045 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiisolator | * | |
| fortinet | fortiisolator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23294BAD-8A68-41FF-9C58-B525D8732B03",
"versionEndIncluding": "2.3.4",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5333357F-9C1C-4122-A146-2181665A3B17",
"versionEndExcluding": "2.4.5",
"versionStartIncluding": "2.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en el componente de registro de FortiIsolator versi\u00f3n 2.4.4, versi\u00f3n 2.4.3, 2.3 y todas las versiones puede permitir que un atacante remoto autenticado de solo lectura altere los registros a trav\u00e9s de una solicitud HTTP manipulada."
}
],
"id": "CVE-2024-32124",
"lastModified": "2025-07-22T17:08:39.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-07-18T08:15:26.890",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-045"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-27779
Vulnerability from fkie_nvd - Published: 2025-07-18 08:15 - Updated: 2025-07-22 17:07
Severity ?
Summary
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-035 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiisolator | * | |
| fortinet | fortisandbox | * | |
| fortinet | fortisandbox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE46895-BF73-4346-900B-C9A7CD434028",
"versionEndExcluding": "2.4.5",
"versionStartIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8EBB53-DB08-44EA-9FE4-87801ACA2C26",
"versionEndExcluding": "4.2.7",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77A903-42B3-41D3-BDC6-E138679B5400",
"versionEndExcluding": "4.4.5",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin\u0027s session even after the admin user was deleted."
},
{
"lang": "es",
"value": "Una vulnerabilidad de expiraci\u00f3n de sesi\u00f3n insuficiente [CWE-613] en FortiSandbox FortiSandbox versi\u00f3n 4.4.4 y anteriores, versi\u00f3n 4.2.6 y anteriores, 4.0 todas las versiones, 3.2 todas las versiones y FortiIsolator versi\u00f3n 2.4 y anteriores, 2.3 todas las versiones, 2.2 todas las versiones, 2.1 todas las versiones, 2.0 todas las versiones, 1.2 todas las versiones puede permitir que un atacante remoto en posesi\u00f3n de una cookie de sesi\u00f3n de administrador siga usando la sesi\u00f3n de ese administrador incluso despu\u00e9s de que el usuario administrador haya sido eliminado."
}
],
"id": "CVE-2024-27779",
"lastModified": "2025-07-22T17:07:27.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-07-18T08:15:25.850",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-035"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-54025
Vulnerability from fkie_nvd - Published: 2025-04-08 14:15 - Updated: 2025-07-23 16:02
Severity ?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-392 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiisolator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9293C91-E242-442D-AADA-9B6EE1D7874F",
"versionEndExcluding": "2.4.7",
"versionStartIncluding": "2.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests."
},
{
"lang": "es",
"value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027OS Command Injection\u0027) [CWE-78] en Fortinet FortiIsolator CLI anterior a la versi\u00f3n 2.4.6 permite que un atacante privilegiado ejecute c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes CLI manipuladas."
}
],
"id": "CVE-2024-54025",
"lastModified": "2025-07-23T16:02:46.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T14:15:32.463",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-392"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-54024
Vulnerability from fkie_nvd - Published: 2025-04-08 14:15 - Updated: 2025-07-23 16:02
Severity ?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-397 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiisolator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9293C91-E242-442D-AADA-9B6EE1D7874F",
"versionEndExcluding": "2.4.7",
"versionStartIncluding": "2.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests."
},
{
"lang": "es",
"value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027OS Command Injection\u0027) [CWE-78] en Fortinet FortiIsolator anterior a la versi\u00f3n 2.4.6 permite que un atacante privilegiado con perfil de s\u00faper administrador y acceso CLI ejecute c\u00f3digo no autorizado a trav\u00e9s de solicitudes HTTP espec\u00edficamente manipuladas."
}
],
"id": "CVE-2024-54024",
"lastModified": "2025-07-23T16:02:34.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T14:15:32.303",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-397"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-55590
Vulnerability from fkie_nvd - Published: 2025-03-11 15:15 - Updated: 2025-07-23 15:45
Severity ?
Summary
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-178 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiisolator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52CDEC-F555-44E8-84E7-3FB84C18FA16",
"versionEndExcluding": "2.4.6",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands."
},
{
"lang": "es",
"value": "Las vulnerabilidades de neutralizaci\u00f3n incorrecta m\u00faltiple de elementos especiales utilizados en un comando del SO (\u0027inyecci\u00f3n de comando del SO\u0027) [CWE-78] en Fortinet FortiIsolator versi\u00f3n 2.4.0 a 2.4.5 permiten que un atacante autenticado con al menos permiso de administrador de solo lectura y acceso CLI ejecute c\u00f3digo no autorizado a trav\u00e9s de comandos CLI espec\u00edficamente manipulados."
}
],
"id": "CVE-2024-55590",
"lastModified": "2025-07-23T15:45:34.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-03-11T15:15:43.650",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-178"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-22298
Vulnerability from fkie_nvd - Published: 2023-10-10 17:15 - Updated: 2024-11-21 06:46
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-21-233 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-21-233 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortiisolator | * | |
| fortinet | fortiisolator | 1.0.0 | |
| fortinet | fortiisolator | 1.1.0 | |
| fortinet | fortiisolator | 1.2.0 | |
| fortinet | fortiisolator | 1.2.1 | |
| fortinet | fortiisolator | 1.2.2 | |
| fortinet | fortiisolator | 2.0.0 | |
| fortinet | fortiisolator | 2.0.1 | |
| fortinet | fortiisolator | 2.1.0 | |
| fortinet | fortiisolator | 2.1.1 | |
| fortinet | fortiisolator | 2.1.2 | |
| fortinet | fortiisolator | 2.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23294BAD-8A68-41FF-9C58-B525D8732B03",
"versionEndIncluding": "2.3.4",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFE83AE-1395-4205-B805-A508E53DF215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3FA24F-4D8F-48E3-BAC4-654E0DBCA800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F67431CA-CA69-4D8B-B1EF-321828DBEEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E43F6415-298C-4AC4-BC1F-8E7CDD367AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC84748-C9CA-412E-91EE-F341C1B975FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "067563F7-3868-40DD-BE14-9D65FDAB940F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40EE8089-FB10-4CA5-BA41-F6A2ED32E8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "472F7F9F-DA6F-4017-87FD-288CEE40D2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB1042D-A702-4AC9-9A13-EC267210A5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D19301A-FC50-4684-9004-CF1A36230B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiisolator:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0E98DE-F384-43D1-91DB-972CB50A53B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) en: \nFortinet FortiIsolator versi\u00f3n 1.0.0, \nFortiIsolator versi\u00f3n 1.1.0, \nFortiIsolator versi\u00f3n 1.2.0 a 1.2.2, \nFortiIsolator versi\u00f3n 2.0.0 a 2.0. 1, \nFortiIsolator versi\u00f3n 2.1.0 a 2.1.2, \nFortiIsolator versi\u00f3n 2.2.0, \nFortiIsolator versi\u00f3n 2.3.0 a 2.3.4. \nPermite al atacante ejecutar comandos arbitrarios del sistema operativo en el shell subyacente a trav\u00e9s de par\u00e1metros de entrada especialmente manipulados."
}
],
"id": "CVE-2022-22298",
"lastModified": "2024-11-21T06:46:35.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-10T17:15:10.837",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-233"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-33507 (GCVE-0-2024-33507)
Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2025-10-14 17:36
VLAI?
Summary
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie.
Severity ?
CWE
- CWE-613 - Denial of service, Privilege escalation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.0 , ≤ 2.4.4
(semver)
Affected: 2.3.0 , ≤ 2.3.4 (semver) cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T17:35:50.623114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T17:36:00.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.4",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.4",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Denial of service, Privilege escalation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T15:23:42.194Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-062",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-062"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiIsolator version 3.0.0 or above\nUpgrade to FortiIsolator version 2.4.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-33507",
"datePublished": "2025-10-14T15:23:42.194Z",
"dateReserved": "2024-04-23T14:18:29.830Z",
"dateUpdated": "2025-10-14T17:36:00.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32124 (GCVE-0-2024-32124)
Vulnerability from cvelistv5 – Published: 2025-07-18 08:08 – Updated: 2025-07-18 13:45
VLAI?
Summary
An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.
Severity ?
CWE
- CWE-284 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.3 , ≤ 2.4.4
(semver)
Affected: 2.3.0 , ≤ 2.3.4 (semver) cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T13:45:16.553405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T13:45:22.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.4",
"status": "affected",
"version": "2.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.4",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T08:08:21.544Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-045",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-045"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiIsolator version 2.4.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-32124",
"datePublished": "2025-07-18T08:08:21.544Z",
"dateReserved": "2024-04-11T12:09:46.571Z",
"dateUpdated": "2025-07-18T13:45:22.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27779 (GCVE-0-2024-27779)
Vulnerability from cvelistv5 – Published: 2025-07-18 07:58 – Updated: 2025-07-19 03:55
VLAI?
Summary
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted.
Severity ?
CWE
- CWE-613 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSandbox |
Affected:
4.4.0 , ≤ 4.4.4
(semver)
Affected: 4.2.0 , ≤ 4.2.6 (semver) Affected: 4.0.0 , ≤ 4.0.6 (semver) Affected: 3.2.0 , ≤ 3.2.4 (semver) cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-19T03:55:13.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "4.4.4",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.6",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.4",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.4",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.2.0"
},
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin\u0027s session even after the admin user was deleted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T07:58:23.943Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-035",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-035"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSandbox version 4.4.5 or above \nPlease upgrade to FortiSandbox version 4.2.7 or above \nPlease upgrade to FortiIsolator version 2.4.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-27779",
"datePublished": "2025-07-18T07:58:23.943Z",
"dateReserved": "2024-02-26T14:46:31.334Z",
"dateUpdated": "2025-07-19T03:55:13.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54024 (GCVE-0-2024-54024)
Vulnerability from cvelistv5 – Published: 2025-04-08 14:02 – Updated: 2025-04-09 04:00
VLAI?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests.
Severity ?
CWE
- CWE-78 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.3 , ≤ 2.4.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T04:00:38.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.6",
"status": "affected",
"version": "2.4.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T14:02:45.963Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-397",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-397"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiIsolator version 2.4.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-54024",
"datePublished": "2025-04-08T14:02:45.963Z",
"dateReserved": "2024-11-27T15:20:39.890Z",
"dateUpdated": "2025-04-09T04:00:38.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54025 (GCVE-0-2024-54025)
Vulnerability from cvelistv5 – Published: 2025-04-08 14:02 – Updated: 2025-04-09 04:00
VLAI?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.
Severity ?
CWE
- CWE-78 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.3 , ≤ 2.4.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T04:00:36.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.6",
"status": "affected",
"version": "2.4.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T14:02:45.565Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-392",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-392"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiIsolator version 2.4.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-54025",
"datePublished": "2025-04-08T14:02:45.565Z",
"dateReserved": "2024-11-27T15:20:39.891Z",
"dateUpdated": "2025-04-09T04:00:36.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55590 (GCVE-0-2024-55590)
Vulnerability from cvelistv5 – Published: 2025-03-11 14:54 – Updated: 2025-03-11 16:05
VLAI?
Summary
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.0 , ≤ 2.4.5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:03:27.550889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:05:38.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.5",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:34.932Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-178",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-178"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiIsolator version 2.4.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-55590",
"datePublished": "2025-03-11T14:54:34.932Z",
"dateReserved": "2024-12-09T11:19:49.470Z",
"dateUpdated": "2025-03-11T16:05:38.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22298 (GCVE-0-2022-22298)
Vulnerability from cvelistv5 – Published: 2023-10-10 16:49 – Updated: 2024-09-18 19:48
VLAI?
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.3.0 , ≤ 2.3.3
(semver)
Affected: 2.2.0 Affected: 2.1.0 , ≤ 2.1.2 (semver) Affected: 2.0.0 , ≤ 2.0.1 (semver) Affected: 1.2.0 , ≤ 1.2.2 (semver) Affected: 1.1.0 Affected: 1.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-21-233",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-233"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortiisolator",
"vendor": "fortinet",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.2.1"
},
{
"status": "affected",
"version": "1.2.2"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.1.2"
},
{
"status": "affected",
"version": "2.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortiisolator",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T19:43:19.024763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T19:48:48.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.2.0"
},
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T16:49:46.033Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-21-233",
"url": "https://fortiguard.com/psirt/FG-IR-21-233"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiIsolator version\u00a02.4.0 or above."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-22298",
"datePublished": "2023-10-10T16:49:46.033Z",
"dateReserved": "2022-01-03T09:39:36.528Z",
"dateUpdated": "2024-09-18T19:48:48.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33507 (GCVE-0-2024-33507)
Vulnerability from nvd – Published: 2025-10-14 15:23 – Updated: 2025-10-14 17:36
VLAI?
Summary
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie.
Severity ?
CWE
- CWE-613 - Denial of service, Privilege escalation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.0 , ≤ 2.4.4
(semver)
Affected: 2.3.0 , ≤ 2.3.4 (semver) cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T17:35:50.623114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T17:36:00.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.4",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.4",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Denial of service, Privilege escalation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T15:23:42.194Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-062",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-062"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiIsolator version 3.0.0 or above\nUpgrade to FortiIsolator version 2.4.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-33507",
"datePublished": "2025-10-14T15:23:42.194Z",
"dateReserved": "2024-04-23T14:18:29.830Z",
"dateUpdated": "2025-10-14T17:36:00.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32124 (GCVE-0-2024-32124)
Vulnerability from nvd – Published: 2025-07-18 08:08 – Updated: 2025-07-18 13:45
VLAI?
Summary
An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.
Severity ?
CWE
- CWE-284 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.3 , ≤ 2.4.4
(semver)
Affected: 2.3.0 , ≤ 2.3.4 (semver) cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T13:45:16.553405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T13:45:22.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.4",
"status": "affected",
"version": "2.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.4",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T08:08:21.544Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-045",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-045"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiIsolator version 2.4.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-32124",
"datePublished": "2025-07-18T08:08:21.544Z",
"dateReserved": "2024-04-11T12:09:46.571Z",
"dateUpdated": "2025-07-18T13:45:22.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27779 (GCVE-0-2024-27779)
Vulnerability from nvd – Published: 2025-07-18 07:58 – Updated: 2025-07-19 03:55
VLAI?
Summary
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted.
Severity ?
CWE
- CWE-613 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSandbox |
Affected:
4.4.0 , ≤ 4.4.4
(semver)
Affected: 4.2.0 , ≤ 4.2.6 (semver) Affected: 4.0.0 , ≤ 4.0.6 (semver) Affected: 3.2.0 , ≤ 3.2.4 (semver) cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-19T03:55:13.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "4.4.4",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.6",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.4",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.3.4",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.2.0"
},
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin\u0027s session even after the admin user was deleted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T07:58:23.943Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-035",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-035"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSandbox version 4.4.5 or above \nPlease upgrade to FortiSandbox version 4.2.7 or above \nPlease upgrade to FortiIsolator version 2.4.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-27779",
"datePublished": "2025-07-18T07:58:23.943Z",
"dateReserved": "2024-02-26T14:46:31.334Z",
"dateUpdated": "2025-07-19T03:55:13.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54024 (GCVE-0-2024-54024)
Vulnerability from nvd – Published: 2025-04-08 14:02 – Updated: 2025-04-09 04:00
VLAI?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests.
Severity ?
CWE
- CWE-78 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.3 , ≤ 2.4.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T04:00:38.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.6",
"status": "affected",
"version": "2.4.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T14:02:45.963Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-397",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-397"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiIsolator version 2.4.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-54024",
"datePublished": "2025-04-08T14:02:45.963Z",
"dateReserved": "2024-11-27T15:20:39.890Z",
"dateUpdated": "2025-04-09T04:00:38.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54025 (GCVE-0-2024-54025)
Vulnerability from nvd – Published: 2025-04-08 14:02 – Updated: 2025-04-09 04:00
VLAI?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.
Severity ?
CWE
- CWE-78 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.3 , ≤ 2.4.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T04:00:36.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.6",
"status": "affected",
"version": "2.4.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T14:02:45.565Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-392",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-392"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiIsolator version 2.4.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-54025",
"datePublished": "2025-04-08T14:02:45.565Z",
"dateReserved": "2024-11-27T15:20:39.891Z",
"dateUpdated": "2025-04-09T04:00:36.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55590 (GCVE-0-2024-55590)
Vulnerability from nvd – Published: 2025-03-11 14:54 – Updated: 2025-03-11 16:05
VLAI?
Summary
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.4.0 , ≤ 2.4.5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:03:27.550889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:05:38.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.4.5",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:34.932Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-178",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-178"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiIsolator version 2.4.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-55590",
"datePublished": "2025-03-11T14:54:34.932Z",
"dateReserved": "2024-12-09T11:19:49.470Z",
"dateUpdated": "2025-03-11T16:05:38.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22298 (GCVE-0-2022-22298)
Vulnerability from nvd – Published: 2023-10-10 16:49 – Updated: 2024-09-18 19:48
VLAI?
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiIsolator |
Affected:
2.3.0 , ≤ 2.3.3
(semver)
Affected: 2.2.0 Affected: 2.1.0 , ≤ 2.1.2 (semver) Affected: 2.0.0 , ≤ 2.0.1 (semver) Affected: 1.2.0 , ≤ 1.2.2 (semver) Affected: 1.1.0 Affected: 1.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-21-233",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-21-233"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:1.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortiisolator",
"vendor": "fortinet",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.2.1"
},
{
"status": "affected",
"version": "1.2.2"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.1.2"
},
{
"status": "affected",
"version": "2.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiisolator:2.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiisolator:2.3.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortiisolator",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T19:43:19.024763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T19:48:48.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiIsolator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.2.0"
},
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T16:49:46.033Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-21-233",
"url": "https://fortiguard.com/psirt/FG-IR-21-233"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiIsolator version\u00a02.4.0 or above."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-22298",
"datePublished": "2023-10-10T16:49:46.033Z",
"dateReserved": "2022-01-03T09:39:36.528Z",
"dateUpdated": "2024-09-18T19:48:48.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202102-0771
Vulnerability from variot - Updated: 2023-12-18 13:56An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks). FortiNet FortiIsolator Is vulnerable to a session expiration.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiIsolator is an application provided by Fortinet Corporation of the United States to provide remote security isolation functions for browsers. The application adds additional advanced threat protection to the Fortinet Security Fabric and protects critical business data from sophisticated threats on the network. Content and files from the web are accessed in remote containers, which then present risk-free content to users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0771",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiisolator",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.0.1"
},
{
"model": "fortiisolator",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "2.0.1 and earlier"
},
{
"model": "fortiisolator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"db": "NVD",
"id": "CVE-2020-6649"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6649"
}
]
},
"cve": "CVE-2020-6649",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-6649",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-184774",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-6649",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6649",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-564",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-184774",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184774"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"db": "NVD",
"id": "CVE-2020-6649"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-564"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An insufficient session expiration vulnerability in FortiNet\u0027s FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks). FortiNet FortiIsolator Is vulnerable to a session expiration.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiIsolator is an application provided by Fortinet Corporation of the United States to provide remote security isolation functions for browsers. The application adds additional advanced threat protection to the Fortinet Security Fabric and protects critical business data from sophisticated threats on the network. Content and files from the web are accessed in remote containers, which then present risk-free content to users",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6649"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"db": "VULHUB",
"id": "VHN-184774"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6649",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015916",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-564",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0413",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-184774",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184774"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"db": "NVD",
"id": "CVE-2020-6649"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-564"
}
]
},
"id": "VAR-202102-0771",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-184774"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:56:00.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-20-011",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-20-011"
},
{
"title": "Fortinet FortiIsolator Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141730"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-564"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-613",
"trust": 1.1
},
{
"problemtype": "Inappropriate session deadline (CWE-613) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184774"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"db": "NVD",
"id": "CVE-2020-6649"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-20-011"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6649"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0413"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184774"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"db": "NVD",
"id": "CVE-2020-6649"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-564"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-184774"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"db": "NVD",
"id": "CVE-2020-6649"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-564"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-184774"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"date": "2021-02-08T16:15:11.907000",
"db": "NVD",
"id": "CVE-2020-6649"
},
{
"date": "2021-02-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-564"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-184774"
},
{
"date": "2021-10-22T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2020-015916"
},
{
"date": "2021-02-10T19:02:34.440000",
"db": "NVD",
"id": "CVE-2020-6649"
},
{
"date": "2021-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-564"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-564"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiNet\u00a0FortiIsolator\u00a0 Session deadline vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015916"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-564"
}
],
"trust": 0.6
}
}
VAR-202205-0180
Vulnerability from variot - Updated: 2023-12-18 13:22An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. FortiIsolator Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiisolator",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.3.3"
},
{
"model": "fortiisolator",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.3.0"
},
{
"model": "fortiisolator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiisolator",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "2.3.2 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"db": "NVD",
"id": "CVE-2021-41020"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.3",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41020"
}
]
},
"cve": "CVE-2021-41020",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-41020",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-402292",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-010452",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-41020",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-41020",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-402292",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-41020",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402292"
},
{
"db": "VULMON",
"id": "CVE-2021-41020"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"db": "NVD",
"id": "CVE-2021-41020"
},
{
"db": "NVD",
"id": "CVE-2021-41020"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. FortiIsolator Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41020"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"db": "VULHUB",
"id": "VHN-402292"
},
{
"db": "VULMON",
"id": "CVE-2021-41020"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41020",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010452",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022050322",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2039",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-402292",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-41020",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402292"
},
{
"db": "VULMON",
"id": "CVE-2021-41020"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"db": "NVD",
"id": "CVE-2021-41020"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2039"
}
]
},
"id": "VAR-202205-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-402292"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:22:27.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-21-040",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/fg-ir-21-040"
},
{
"title": "Fortinet FortiIsolator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=199821"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2039"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402292"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"db": "NVD",
"id": "CVE-2021-41020"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/psirt/fg-ir-21-040"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41020"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-41020/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050322"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402292"
},
{
"db": "VULMON",
"id": "CVE-2021-41020"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"db": "NVD",
"id": "CVE-2021-41020"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-402292"
},
{
"db": "VULMON",
"id": "CVE-2021-41020"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"db": "NVD",
"id": "CVE-2021-41020"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-402292"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41020"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"date": "2022-05-04T16:15:08.100000",
"db": "NVD",
"id": "CVE-2021-41020"
},
{
"date": "2022-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-402292"
},
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41020"
},
{
"date": "2023-08-15T07:03:00",
"db": "JVNDB",
"id": "JVNDB-2022-010452"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2021-41020"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2039"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiIsolator\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010452"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2039"
}
],
"trust": 0.6
}
}
VAR-202003-1589
Vulnerability from variot - Updated: 2023-12-18 13:18An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). Fortinet FortiIsolator Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. A cross-site scripting vulnerability exists in the URL description of the URL filter in Fortinet FortiIsolator 1.2.2 and earlier versions. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1589",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiisolator",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.2.2"
},
{
"model": "fortiisolator",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "1.2.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"db": "NVD",
"id": "CVE-2020-6643"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6643"
}
]
},
"cve": "CVE-2020-6643",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-002896",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-184768",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2020-6643",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-002896",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6643",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-002896",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-781",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-184768",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-6643",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184768"
},
{
"db": "VULMON",
"id": "CVE-2020-6643"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"db": "NVD",
"id": "CVE-2020-6643"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-781"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). Fortinet FortiIsolator Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. A cross-site scripting vulnerability exists in the URL description of the URL filter in Fortinet FortiIsolator 1.2.2 and earlier versions. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6643"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"db": "VULHUB",
"id": "VHN-184768"
},
{
"db": "VULMON",
"id": "CVE-2020-6643"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6643",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002896",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-781",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0907",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-184768",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-6643",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184768"
},
{
"db": "VULMON",
"id": "CVE-2020-6643"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"db": "NVD",
"id": "CVE-2020-6643"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-781"
}
]
},
"id": "VAR-202003-1589",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-184768"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:18:20.505000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-19-270",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-19-270"
},
{
"title": "Fortinet FortiIsolator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112508"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-781"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184768"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"db": "NVD",
"id": "CVE-2020-6643"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/advisory/fg-ir-19-270"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6643"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6643"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0907/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184768"
},
{
"db": "VULMON",
"id": "CVE-2020-6643"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"db": "NVD",
"id": "CVE-2020-6643"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-781"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-184768"
},
{
"db": "VULMON",
"id": "CVE-2020-6643"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"db": "NVD",
"id": "CVE-2020-6643"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-781"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-184768"
},
{
"date": "2020-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6643"
},
{
"date": "2020-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"date": "2020-03-12T22:15:15.780000",
"db": "NVD",
"id": "CVE-2020-6643"
},
{
"date": "2020-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-781"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-17T00:00:00",
"db": "VULHUB",
"id": "VHN-184768"
},
{
"date": "2020-03-17T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6643"
},
{
"date": "2020-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002896"
},
{
"date": "2020-03-17T18:00:40.997000",
"db": "NVD",
"id": "CVE-2020-6643"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-781"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-781"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiIsolator Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002896"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-781"
}
],
"trust": 0.6
}
}