Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from csaf_ncscnl
Published
2025-01-15 13:25
Modified
2025-01-15 13:25
Summary
Kwetsbaarheden verholpen in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Fortinet heeft kwetsbaarheden verholpen in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy.
Interpretaties
De kwetsbaarheden omvatten onder andere hard-coded cryptografische sleutels, onjuiste verwerking van OS-commando's, en out-of-bounds schrijf- en leesfouten. Aanvallers kunnen deze kwetsbaarheden misbruiken om ongeautoriseerde toegang te verkrijgen, willekeurige code uit te voeren en Denial-of-Service-aanvallen te veroorzaken.
Oplossingen
Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-672
Operation on a Resource after Expiration or Release
CWE-1390
Weak Authentication
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-266
Incorrect Privilege Assignment
CWE-23
Relative Path Traversal
CWE-190
Integer Overflow or Wraparound
CWE-321
Use of Hard-coded Cryptographic Key
CWE-125
Out-of-bounds Read
CWE-306
Missing Authentication for Critical Function
CWE-346
Origin Validation Error
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-476
NULL Pointer Dereference
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-121
Stack-based Buffer Overflow
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Fortinet heeft kwetsbaarheden verholpen in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden omvatten onder andere hard-coded cryptografische sleutels, onjuiste verwerking van OS-commando's, en out-of-bounds schrijf- en leesfouten. Aanvallers kunnen deze kwetsbaarheden misbruiken om ongeautoriseerde toegang te verkrijgen, willekeurige code uit te voeren en Denial-of-Service-aanvallen te veroorzaken. ", title: "Interpretaties", }, { category: "description", text: "Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Operation on a Resource after Expiration or Release", title: "CWE-672", }, { category: "general", text: "Weak Authentication", title: "CWE-1390", }, { category: "general", text: "Insertion of Sensitive Information Into Sent Data", title: "CWE-201", }, { category: "general", text: "Incorrect Privilege Assignment", title: "CWE-266", }, { category: "general", text: "Relative Path Traversal", title: "CWE-23", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Use of Hard-coded Cryptographic Key", title: "CWE-321", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Origin Validation Error", title: "CWE-346", }, { category: "general", text: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", title: "CWE-113", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", title: "CWE-89", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-239", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-143", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-097", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-152", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-222", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-326", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-282", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-23-405", }, { category: "external", summary: "Reference - certbundde", url: "https://www.fortiguard.com/psirt/FG-IR-23-260", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-23-407", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-267", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-135", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-219", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-127", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-23-293", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-463", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-061", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-373", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-259", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-106", }, { category: "external", summary: "Reference - certbundde", url: "https://www.fortiguard.com/psirt/FG-IR-23-258", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-091", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-23-473", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-165", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-250", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-24-221", }, { category: "external", summary: "Reference - ncscclear", url: "https://www.fortiguard.com/psirt/FG-IR-23-494", }, ], title: "Kwetsbaarheden verholpen in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy", tracking: { current_release_date: "2025-01-15T13:25:32.904961Z", id: "NCSC-2025-0018", initial_release_date: "2025-01-15T13:25:32.904961Z", revision_history: [ { date: "2025-01-15T13:25:32.904961Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "fortiswitch", product: { name: "fortiswitch", product_id: "CSAFPID-113747", product_identification_helper: { cpe: "cpe:2.3:a:fortinet:fortiswitch:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fortianalyzer", product: { name: "fortianalyzer", product_id: "CSAFPID-113748", product_identification_helper: { cpe: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fortiproxy", product: { name: "fortiproxy", product_id: "CSAFPID-265532", product_identification_helper: { cpe: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fortios", product: { name: "fortios", product_id: "CSAFPID-113752", product_identification_helper: { cpe: "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fortimanager", product: { name: "fortimanager", product_id: "CSAFPID-233785", product_identification_helper: { cpe: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "fortinet", }, ], }, vulnerabilities: [ { cve: "CVE-2022-23439", references: [ { category: "self", summary: "CVE-2022-23439", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23439.json", }, ], title: "CVE-2022-23439", }, { cve: "CVE-2023-37936", cwe: { id: "CWE-321", name: "Use of Hard-coded Cryptographic Key", }, notes: [ { category: "other", text: "Use of Hard-coded Cryptographic Key", title: "CWE-321", }, ], product_status: { known_affected: [ "CSAFPID-113747", ], }, references: [ { category: "self", summary: "CVE-2023-37936", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37936.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, products: [ "CSAFPID-113747", ], }, ], title: "CVE-2023-37936", }, { cve: "CVE-2023-37937", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-113747", ], }, references: [ { category: "self", summary: "CVE-2023-37937", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37937.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, products: [ "CSAFPID-113747", ], }, ], title: "CVE-2023-37937", }, { cve: "CVE-2023-42785", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2023-42785", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42785.json", }, ], title: "CVE-2023-42785", }, { cve: "CVE-2023-42791", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, notes: [ { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], references: [ { category: "self", summary: "CVE-2023-42791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42791.json", }, ], title: "CVE-2023-42791", }, { cve: "CVE-2023-46715", cwe: { id: "CWE-346", name: "Origin Validation Error", }, notes: [ { category: "other", text: "Origin Validation Error", title: "CWE-346", }, ], product_status: { known_affected: [ "CSAFPID-265532", "CSAFPID-113752", ], }, references: [ { category: "self", summary: "CVE-2023-46715", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46715.json", }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:P/RL:X/RC:C", version: "3.1", }, products: [ "CSAFPID-265532", "CSAFPID-113752", ], }, ], title: "CVE-2023-46715", }, { cve: "CVE-2024-21762", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-113752", "CSAFPID-265532", ], }, references: [ { category: "self", summary: "CVE-2024-21762", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21762.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C", version: "3.1", }, products: [ "CSAFPID-113752", "CSAFPID-265532", ], }, ], title: "CVE-2024-21762", }, { cve: "CVE-2024-26012", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], references: [ { category: "self", summary: "CVE-2024-26012", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26012.json", }, ], title: "CVE-2024-26012", }, { cve: "CVE-2024-27778", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], references: [ { category: "self", summary: "CVE-2024-27778", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27778.json", }, ], title: "CVE-2024-27778", }, { cve: "CVE-2024-32115", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-233785", ], }, references: [ { category: "self", summary: "CVE-2024-32115", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32115.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C", version: "3.1", }, products: [ "CSAFPID-233785", ], }, ], title: "CVE-2024-32115", }, { cve: "CVE-2024-33502", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-113748", "CSAFPID-233785", ], }, references: [ { category: "self", summary: "CVE-2024-33502", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33502.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, products: [ "CSAFPID-113748", "CSAFPID-233785", ], }, ], title: "CVE-2024-33502", }, { cve: "CVE-2024-33503", cwe: { id: "CWE-266", name: "Incorrect Privilege Assignment", }, notes: [ { category: "other", text: "Incorrect Privilege Assignment", title: "CWE-266", }, ], references: [ { category: "self", summary: "CVE-2024-33503", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33503.json", }, ], title: "CVE-2024-33503", }, { cve: "CVE-2024-35273", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], references: [ { category: "self", summary: "CVE-2024-35273", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35273.json", }, ], title: "CVE-2024-35273", }, { cve: "CVE-2024-35275", cwe: { id: "CWE-89", name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", title: "CWE-89", }, ], references: [ { category: "self", summary: "CVE-2024-35275", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35275.json", }, ], title: "CVE-2024-35275", }, { cve: "CVE-2024-35276", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], references: [ { category: "self", summary: "CVE-2024-35276", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35276.json", }, ], title: "CVE-2024-35276", }, { cve: "CVE-2024-35277", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, ], references: [ { category: "self", summary: "CVE-2024-35277", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35277.json", }, ], title: "CVE-2024-35277", }, { cve: "CVE-2024-36504", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-36504", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36504.json", }, ], title: "CVE-2024-36504", }, { cve: "CVE-2024-36512", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-113748", "CSAFPID-233785", ], }, references: [ { category: "self", summary: "CVE-2024-36512", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36512.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, products: [ "CSAFPID-113748", "CSAFPID-233785", ], }, ], title: "CVE-2024-36512", }, { cve: "CVE-2024-46662", product_status: { known_affected: [ "CSAFPID-233785", ], }, references: [ { category: "self", summary: "CVE-2024-46662", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46662.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C", version: "3.1", }, products: [ "CSAFPID-233785", ], }, ], title: "CVE-2024-46662", }, { cve: "CVE-2024-46665", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, notes: [ { category: "other", text: "Insertion of Sensitive Information Into Sent Data", title: "CWE-201", }, ], product_status: { known_affected: [ "CSAFPID-113752", ], }, references: [ { category: "self", summary: "CVE-2024-46665", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46665.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C", version: "3.1", }, products: [ "CSAFPID-113752", ], }, ], title: "CVE-2024-46665", }, { cve: "CVE-2024-46666", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-46666", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46666.json", }, ], title: "CVE-2024-46666", }, { cve: "CVE-2024-46668", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-46668", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46668.json", }, ], title: "CVE-2024-46668", }, { cve: "CVE-2024-46669", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], references: [ { category: "self", summary: "CVE-2024-46669", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46669.json", }, ], title: "CVE-2024-46669", }, { cve: "CVE-2024-46670", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-265532", ], }, references: [ { category: "self", summary: "CVE-2024-46670", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46670.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X", version: "3.1", }, products: [ "CSAFPID-265532", ], }, ], title: "CVE-2024-46670", }, { cve: "CVE-2024-47571", cwe: { id: "CWE-672", name: "Operation on a Resource after Expiration or Release", }, notes: [ { category: "other", text: "Operation on a Resource after Expiration or Release", title: "CWE-672", }, ], product_status: { known_affected: [ "CSAFPID-233785", ], }, references: [ { category: "self", summary: "CVE-2024-47571", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47571.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, products: [ "CSAFPID-233785", ], }, ], title: "CVE-2024-47571", }, { cve: "CVE-2024-48884", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-265532", ], }, references: [ { category: "self", summary: "CVE-2024-48884", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-48884.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", version: "3.1", }, products: [ "CSAFPID-265532", ], }, ], title: "CVE-2024-48884", }, { cve: "CVE-2024-48886", cwe: { id: "CWE-1390", name: "Weak Authentication", }, notes: [ { category: "other", text: "Weak Authentication", title: "CWE-1390", }, ], product_status: { known_affected: [ "CSAFPID-265532", ], }, references: [ { category: "self", summary: "CVE-2024-48886", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-48886.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:R", version: "3.1", }, products: [ "CSAFPID-265532", ], }, ], title: "CVE-2024-48886", }, { cve: "CVE-2024-50566", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], references: [ { category: "self", summary: "CVE-2024-50566", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50566.json", }, ], title: "CVE-2024-50566", }, { cve: "CVE-2024-52963", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-265532", ], }, references: [ { category: "self", summary: "CVE-2024-52963", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52963.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:W/RC:C", version: "3.1", }, products: [ "CSAFPID-265532", ], }, ], title: "CVE-2024-52963", }, { cve: "CVE-2024-54021", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, notes: [ { category: "other", text: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", title: "CWE-113", }, ], product_status: { known_affected: [ "CSAFPID-265532", "CSAFPID-113752", ], }, references: [ { category: "self", summary: "CVE-2024-54021", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54021.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:F/RL:X/RC:C", version: "3.1", }, products: [ "CSAFPID-265532", "CSAFPID-113752", ], }, ], title: "CVE-2024-54021", }, ], }
cve-2024-35275
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
Summary
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* |
||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35275", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:16:44.327500Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:56:22.260Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "Escalation of privilege", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:49.273Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-091", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-091", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-35275", datePublished: "2025-01-14T14:08:49.273Z", dateReserved: "2024-05-14T21:15:19.188Z", dateUpdated: "2025-01-14T20:56:22.260Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37937
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:55
Severity ?
EPSS score ?
Summary
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.
References
â–Ľ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-23-258 |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiSwitch |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.7 Version: 6.4.0 ≤ 6.4.13 Version: 6.2.0 ≤ 6.2.7 Version: 6.0.0 ≤ 6.0.7 cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-37937", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:16:36.114892Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:55:14.029Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSwitch", vendor: "Fortinet", versions: [ { status: "affected", version: "7.4.0", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.7", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.13", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.7", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.7", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:30.314Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-258", url: "https://fortiguard.com/psirt/FG-IR-23-258", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiSwitch version 7.4.1 or above\nPlease upgrade to FortiSwitch version 7.2.6 or above\nPlease upgrade to FortiSwitch version 7.0.8 or above\nPlease upgrade to FortiSwitch version 6.4.14 or above\nPlease upgrade to FortiSwitch version 6.2.8 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-37937", datePublished: "2025-01-14T14:09:30.314Z", dateReserved: "2023-07-11T08:16:54.093Z", dateUpdated: "2025-01-14T20:55:14.029Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48884
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-16 16:15
Severity ?
EPSS score ?
Summary
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiManager |
Version: 7.6.0 ≤ 7.6.1 Version: 7.4.1 ≤ 7.4.3 cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* |
|||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48884", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:17:58.698254Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:55:28.999Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.6.1", status: "affected", version: "7.6.0", versionType: "semver", }, { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.1", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.6.0", }, { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.15", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.5", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.11", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.18", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.14", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.2.13", status: "affected", version: "1.2.0", versionType: "semver", }, { lessThanOrEqual: "1.1.6", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.7", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Escalation of privilege", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-16T16:15:35.420Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-259", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiRecorder version 7.2.2 or above \nPlease upgrade to FortiRecorder version 7.0.5 or above \nPlease upgrade to FortiProxy version 7.4.6 or above \nPlease upgrade to FortiProxy version 7.2.12 or above \nPlease upgrade to FortiProxy version 7.0.19 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.5 or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.10 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiVoice version 7.2.0 or above \nPlease upgrade to FortiVoice version 7.0.5 or above \nPlease upgrade to FortiVoice version 6.4.10 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-48884", datePublished: "2025-01-14T14:09:26.476Z", dateReserved: "2024-10-09T09:03:09.960Z", dateUpdated: "2025-01-16T16:15:35.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33502
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:54
Severity ?
EPSS score ?
Summary
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.13 Version: 6.4.0 ≤ 6.4.15 Version: 6.2.0 ≤ 6.2.13 Version: 6.0.0 ≤ 6.0.12 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:* |
||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-33502", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-15T14:54:07.239273Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-15T14:54:27.861Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:50.493Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-143", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-143", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-33502", datePublished: "2025-01-14T14:09:50.493Z", dateReserved: "2024-04-23T14:18:29.829Z", dateUpdated: "2025-01-15T14:54:27.861Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-46669
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
EPSS score ?
Summary
An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.10 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-46669", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:15:26.892124Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:56:51.902Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.10", status: "affected", version: "7.2.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 3.2, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "Denial of service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:37.297Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-267", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-267", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiSASE version 24.4.a or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-46669", datePublished: "2025-01-14T14:08:37.297Z", dateReserved: "2024-09-11T12:14:59.204Z", dateUpdated: "2025-01-14T20:56:51.902Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26012
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:56
Severity ?
EPSS score ?
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiAP-S |
Version: 6.4.0 ≤ 6.4.9 Version: 6.2.0 ≤ 6.2.6 cpe:2.3:a:fortinet:fortiap-s:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:* |
|||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26012", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-15T14:56:09.448550Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-15T14:56:20.011Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortiap-s:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAP-S", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.4.9", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.6", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiAP-W2", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.8", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.10", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAP", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.7", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.9", status: "affected", version: "6.4.3", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:54.124Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-23-405", url: "https://fortiguard.fortinet.com/psirt/FG-IR-23-405", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiAP-S version 6.4.10 or above \nPlease upgrade to FortiAP-W2 version 7.4.3 or above \nPlease upgrade to FortiAP-W2 version 7.2.4 or above \nPlease upgrade to FortiAP version 7.4.3 or above \nPlease upgrade to FortiAP version 7.2.4 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-26012", datePublished: "2025-01-14T14:09:54.124Z", dateReserved: "2024-02-14T09:18:43.246Z", dateUpdated: "2025-01-15T14:56:20.011Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-50566
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:57
Severity ?
EPSS score ?
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.6.0 ≤ 7.6.1 Version: 7.4.0 ≤ 7.4.5 Version: 7.2.1 ≤ 7.2.8 cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-50566", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:16:49.654273Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:57:06.777Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.6.1", status: "affected", version: "7.6.0", versionType: "semver", }, { lessThanOrEqual: "7.4.5", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.8", status: "affected", version: "7.2.1", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:35.384Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-463", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-463", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.6 or above \nPlease upgrade to FortiManager version 7.2.9 or above \nPlease upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-50566", datePublished: "2025-01-14T14:08:35.384Z", dateReserved: "2024-10-24T11:52:14.401Z", dateUpdated: "2025-01-14T20:57:06.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35273
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:55
Severity ?
EPSS score ?
Summary
A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiAnalyzer |
Version: 7.4.0 ≤ 7.4.3 cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* |
||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35273", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:16:41.659053Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:55:51.137Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "Escalation of privilege", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:54.379Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-106", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-106", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiProxy version 7.4.5 or above \nPlease upgrade to FortiPAM version 1.3.0 or above \nPlease upgrade to FortiADC version 7.6.0 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-35273", datePublished: "2025-01-14T14:08:54.379Z", dateReserved: "2024-05-14T21:15:19.188Z", dateUpdated: "2025-01-14T20:55:51.137Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-46666
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-02-18 21:39
Severity ?
EPSS score ?
Summary
An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.10 Version: 7.0.0 ≤ 7.0.16 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-46666", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T17:37:49.718656Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T21:39:30.528Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.6.0", }, { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.10", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.16", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "Denial of service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:56.935Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-250", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-250", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-46666", datePublished: "2025-01-14T14:09:56.935Z", dateReserved: "2024-09-11T12:14:59.204Z", dateUpdated: "2025-02-18T21:39:30.528Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-46668
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:55
Severity ?
EPSS score ?
Summary
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.15 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-46668", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:18:02.790039Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:55:43.639Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.8", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.15", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "Denial of service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:59.162Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-219", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-219", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiOS version 6.4.16 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-46668", datePublished: "2025-01-14T14:08:59.162Z", dateReserved: "2024-09-11T12:14:59.204Z", dateUpdated: "2025-01-14T20:55:43.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27778
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
EPSS score ?
Summary
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiSandbox |
Version: 4.4.0 ≤ 4.4.4 Version: 4.2.0 ≤ 4.2.6 Version: 4.0.0 ≤ 4.0.4 Version: 3.2.0 ≤ 3.2.4 Version: 3.1.0 ≤ 3.1.5 Version: 3.0.5 ≤ 3.0.7 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-27778", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:16:30.514916Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:54:50.087Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [], defaultStatus: "unaffected", product: "FortiSandbox", vendor: "Fortinet", versions: [ { lessThanOrEqual: "4.4.4", status: "affected", version: "4.4.0", versionType: "semver", }, { lessThanOrEqual: "4.2.6", status: "affected", version: "4.2.0", versionType: "semver", }, { lessThanOrEqual: "4.0.4", status: "affected", version: "4.0.0", versionType: "semver", }, { lessThanOrEqual: "3.2.4", status: "affected", version: "3.2.0", versionType: "semver", }, { lessThanOrEqual: "3.1.5", status: "affected", version: "3.1.0", versionType: "semver", }, { lessThanOrEqual: "3.0.7", status: "affected", version: "3.0.5", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:34.439Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-061", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-061", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiSandbox Cloud version 24.1 or above \nPlease upgrade to FortiSandbox version 4.4.5 or above \nPlease upgrade to FortiSandbox version 4.2.7 or above \nPlease upgrade to FortiSandbox version 4.0.5 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-27778", datePublished: "2025-01-14T14:09:34.439Z", dateReserved: "2024-02-26T14:46:31.334Z", dateUpdated: "2025-01-14T20:54:50.087Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33503
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
EPSS score ?
Summary
A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.13 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-33503", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:16:33.256242Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:54:57.869Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "Escalation of privilege", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:33.613Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-127", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-127", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-33503", datePublished: "2025-01-14T14:09:33.613Z", dateReserved: "2024-04-23T14:18:29.830Z", dateUpdated: "2025-01-14T20:54:57.869Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36512
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
EPSS score ?
Summary
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.2 ≤ 7.0.12 Version: 6.2.10 ≤ 6.2.13 cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:* |
||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36512", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:16:47.023639Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:56:36.826Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.12", status: "affected", version: "7.0.2", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.10", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.12", status: "affected", version: "7.0.2", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.10", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:44.576Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-152", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-152", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.0.13 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-36512", datePublished: "2025-01-14T14:08:44.576Z", dateReserved: "2024-05-29T08:44:50.760Z", dateUpdated: "2025-01-14T20:56:36.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21762
Vulnerability from cvelistv5
Published
2024-02-09 08:14
Modified
2024-08-01 22:27
Severity ?
EPSS score ?
Summary
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
References
â–Ľ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-24-015 |
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.14 Version: 2.0.0 ≤ 2.0.13 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 Version: 1.0.0 ≤ 1.0.7 |
||||||
|
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortiproxy", vendor: "fortinet", versions: [ { lessThan: "2.0.14", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortiproxy", vendor: "fortinet", versions: [ { lessThan: "7.0.15", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortiproxy", vendor: "fortinet", versions: [ { lessThan: "7.2.9", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortiproxy", vendor: "fortinet", versions: [ { lessThan: "7.4.3", status: "affected", version: "7.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortios", vendor: "fortinet", versions: [ { lessThan: "6.2.16", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortios", vendor: "fortinet", versions: [ { lessThan: "6.4.15", status: "affected", version: "6.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortios", vendor: "fortinet", versions: [ { lessThan: "7.0.14", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortios", vendor: "fortinet", versions: [ { lessThan: "7.2.7", status: "affected", version: "7.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortios", vendor: "fortinet", versions: [ { lessThan: "7.4.3", status: "affected", version: "7.4.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-21762", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-12T17:59:22.915991Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-02-09", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21762", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:37:45.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:27:36.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-24-015", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-24-015", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.8", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.14", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.13", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.2.13", status: "affected", version: "1.2.0", versionType: "semver", }, { lessThanOrEqual: "1.1.6", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.7", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.6", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.14", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.15", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.17", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-09T08:14:25.954Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-24-015", url: "https://fortiguard.com/psirt/FG-IR-24-015", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above \nPlease upgrade to FortiProxy version 2.0.14 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.3 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiOS version 6.2.16 or above \n", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-21762", datePublished: "2024-02-09T08:14:25.954Z", dateReserved: "2024-01-02T10:15:00.527Z", dateUpdated: "2024-08-01T22:27:36.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42791
Vulnerability from cvelistv5
Published
2024-02-20 13:19
Modified
2024-08-02 19:30
Severity ?
EPSS score ?
Summary
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
References
â–Ľ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-23-189 |
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiManager |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.8 Version: 6.4.0 ≤ 6.4.12 Version: 6.2.0 ≤ 6.2.11 |
||||||
|
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortianalyzer", vendor: "fortinet", versions: [ { lessThanOrEqual: "6.2.11", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.4.12", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "7.0.8", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThan: "7.4.1", status: "affected", version: "7.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortimanager", vendor: "fortinet", versions: [ { lessThanOrEqual: "6.2.11", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.4.12", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "7.0.8", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThan: "7.4.1", status: "affected", version: "7.4.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-42791", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:13:32.925996Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T17:18:19.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T19:30:24.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-189", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-23-189", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { status: "affected", version: "7.4.0", }, { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.8", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.12", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.11", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { status: "affected", version: "7.4.0", }, { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.8", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.12", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.11", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-23", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-20T13:19:20.221Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-189", url: "https://fortiguard.com/psirt/FG-IR-23-189", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.0.7 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.4.8 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.2.6 or above \nPlease upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.9 or above \nPlease upgrade to FortiManager version 6.4.13 or above \nPlease upgrade to FortiManager version 6.2.12 or above \nPlease upgrade to FortiAnalyzer version 7.4.1 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \nPlease upgrade to FortiAnalyzer version 7.0.9 or above \nPlease upgrade to FortiAnalyzer version 6.4.13 or above \nPlease upgrade to FortiAnalyzer version 6.2.12 or above \n", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-42791", datePublished: "2024-02-20T13:19:20.221Z", dateReserved: "2023-09-14T08:37:38.657Z", dateUpdated: "2024-08-02T19:30:24.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46715
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:55
Severity ?
EPSS score ?
Summary
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.
References
â–Ľ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-23-407 |
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.6 Version: 7.0.0 ≤ 7.0.12 |
||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-46715", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:15:14.692340Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:55:58.030Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.1", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.6", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.12", status: "affected", version: "7.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.1", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.10", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.16", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.16", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:P/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-346", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:52.045Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-407", url: "https://fortiguard.com/psirt/FG-IR-23-407", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiSASE version 22.4 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-46715", datePublished: "2025-01-14T14:08:52.045Z", dateReserved: "2023-10-25T08:43:15.290Z", dateUpdated: "2025-01-14T20:55:58.030Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23439
Vulnerability from cvelistv5
Published
2025-01-22 09:10
Modified
2025-01-22 14:21
Severity ?
EPSS score ?
Summary
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
References
â–Ľ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-21-254 |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiTester |
Version: 7.2.0 ≤ 7.2.1 Version: 7.1.0 ≤ 7.1.1 Version: 7.0.0 Version: 4.2.0 ≤ 4.2.1 Version: 4.1.0 ≤ 4.1.1 Version: 4.0.0 Version: 3.9.0 ≤ 3.9.2 Version: 3.8.0 Version: 3.7.0 ≤ 3.7.1 Version: 3.6.0 Version: 3.5.0 ≤ 3.5.1 Version: 3.4.0 Version: 3.3.0 ≤ 3.3.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-23439", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T14:21:27.552014Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T14:21:36.714Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [], defaultStatus: "unaffected", product: "FortiTester", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.1", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.1.1", status: "affected", version: "7.1.0", versionType: "semver", }, { status: "affected", version: "7.0.0", }, { lessThanOrEqual: "4.2.1", status: "affected", version: "4.2.0", versionType: "semver", }, { lessThanOrEqual: "4.1.1", status: "affected", version: "4.1.0", versionType: "semver", }, { status: "affected", version: "4.0.0", }, { lessThanOrEqual: "3.9.2", status: "affected", version: "3.9.0", versionType: "semver", }, { status: "affected", version: "3.8.0", }, { lessThanOrEqual: "3.7.1", status: "affected", version: "3.7.0", versionType: "semver", }, { status: "affected", version: "3.6.0", }, { lessThanOrEqual: "3.5.1", status: "affected", version: "3.5.0", versionType: "semver", }, { status: "affected", version: "3.4.0", }, { lessThanOrEqual: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.2.0", }, { lessThanOrEqual: "7.0.5", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.16", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.18", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThan: "6.4.*", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiMail", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.3", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.9", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "5.4.12", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThan: "7.2.*", status: "affected", version: "7.2.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSwitch", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.10", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.8", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.7", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiDDoS-F", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.3.3", status: "affected", version: "6.3.0", versionType: "semver", }, { lessThanOrEqual: "6.2.3", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.5", status: "affected", version: "6.1.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.14", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.2.13", status: "affected", version: "1.2.0", versionType: "semver", }, { lessThanOrEqual: "1.1.6", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.7", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiRecorder", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.4.2", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.10", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "2.7.7", status: "affected", version: "2.7.0", versionType: "semver", }, { lessThanOrEqual: "2.6.3", status: "affected", version: "2.6.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiNDR", vendor: "Fortinet", versions: [ { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.1.0", }, { lessThanOrEqual: "7.0.6", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.3", status: "affected", version: "1.5.0", versionType: "semver", }, { status: "affected", version: "1.4.0", }, { lessThanOrEqual: "1.3.1", status: "affected", version: "1.3.0", versionType: "semver", }, { status: "affected", version: "1.2.0", }, { status: "affected", version: "1.1.0", }, ], }, { cpes: [ "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiADC", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.2.3", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.6", status: "affected", version: "6.1.0", versionType: "semver", }, { lessThanOrEqual: "6.0.4", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "5.4.5", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.7", status: "affected", version: "5.3.0", versionType: "semver", }, { lessThanOrEqual: "5.2.8", status: "affected", version: "5.2.0", versionType: "semver", }, { lessThanOrEqual: "5.1.7", status: "affected", version: "5.1.0", versionType: "semver", }, { lessThanOrEqual: "5.0.4", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSOAR", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.2", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.3", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.4", status: "affected", version: "6.4.3", versionType: "semver", }, { lessThanOrEqual: "6.4.1", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.11", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiDDoS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "5.5.1", status: "affected", version: "5.5.0", versionType: "semver", }, { lessThanOrEqual: "5.4.3", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.2", status: "affected", version: "5.3.0", versionType: "semver", }, { status: "affected", version: "5.2.0", }, { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.0.0", }, { status: "affected", version: "4.7.0", }, { status: "affected", version: "4.6.0", }, { status: "affected", version: "4.5.0", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiWLC", vendor: "Fortinet", versions: [ { lessThanOrEqual: "8.6.7", status: "affected", version: "8.6.0", versionType: "semver", }, { lessThanOrEqual: "8.5.5", status: "affected", version: "8.5.0", versionType: "semver", }, { lessThanOrEqual: "8.4.8", status: "affected", version: "8.4.4", versionType: "semver", }, { lessThanOrEqual: "8.4.2", status: "affected", version: "8.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiPortal", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.0.9", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAuthenticator", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.4.1", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.3.3", status: "affected", version: "6.3.0", versionType: "semver", }, { lessThanOrEqual: "6.2.2", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.3", status: "affected", version: "6.1.0", versionType: "semver", }, { lessThanOrEqual: "6.0.8", status: "affected", version: "6.0.0", versionType: "semver", }, { status: "affected", version: "5.5.0", }, { lessThanOrEqual: "5.4.1", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.1", status: "affected", version: "5.3.0", versionType: "semver", }, { lessThanOrEqual: "5.2.2", status: "affected", version: "5.2.0", versionType: "semver", }, { lessThanOrEqual: "5.1.2", status: "affected", version: "5.1.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-610", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-22T09:10:28.669Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-21-254", url: "https://fortiguard.com/psirt/FG-IR-21-254", }, ], solutions: [ { lang: "en", value: "FortiOS\nAdministrative Interface\nPlease upgrade to FortiOS version 7.0.6 and above,\nPlease upgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nPlease upgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter interface (port 8008)\nPlease upgrade to FortiProxy version 7.4.0 or above\n\nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.11 or above \nPlease upgrade to FortiNDR version 7.4.0 or above\n\nFortiNDR\nPlease upgrade to FortiNDR version 7.2.1 or above\nPlease upgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set https-redirect-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\nend\n\nFortiADC\nPlease upgrade to FortiADC version 7.1.0 or above\nPlease upgrade to FortiADC version 7.0.2 or above\nPlease upgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n config system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nFortiDDOS-F\nPlease upgrade to FortiDDoS-F version 6.4.0 or above\nPlease upgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n config system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\" \n\nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiVoice version 7.0.2 or above\nPlease upgrade to FortiVoice version 6.4.9 or above\nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiWLC version 8.6.7 or above \nPlease upgrade to FortiAuthenticator version 6.4.2 or above \nPlease upgrade to FortiAuthenticator version 6.3.4 or above \nPlease upgrade to FortiDDoS version 5.6.0 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiSOAR version 7.3.0 or above \nPlease upgrade to FortiTester version 7.3.0 or above \nPlease upgrade to FortiTester version 7.2.2 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-23439", datePublished: "2025-01-22T09:10:28.669Z", dateReserved: "2022-01-19T07:38:03.512Z", dateUpdated: "2025-01-22T14:21:36.714Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-46670
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
EPSS score ?
Summary
An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiOS |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.9 cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* |
|||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-46670", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:18:06.282792Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:56:44.074Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.6.0", }, { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.5", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.11", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.18", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.14", status: "affected", version: "2.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiPAM", vendor: "Fortinet", versions: [ { lessThanOrEqual: "1.4.1", status: "affected", version: "1.4.0", versionType: "semver", }, { status: "affected", version: "1.3.0", }, { status: "affected", version: "1.2.0", }, { lessThanOrEqual: "1.1.2", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.3", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "Denial of service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:41.759Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-266", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-266", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiSASE version 24.3.c or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.10 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-46670", datePublished: "2025-01-14T14:08:41.759Z", dateReserved: "2024-09-11T12:14:59.205Z", dateUpdated: "2025-01-14T20:56:44.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-47571
Vulnerability from cvelistv5
Published
2025-01-14 14:10
Modified
2025-02-18 21:36
Severity ?
EPSS score ?
Summary
An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 Version: 7.2.3 Version: 7.0.7 ≤ 7.0.8 Version: 6.4.12 cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-47571", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T14:23:18.623557Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T21:36:03.768Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { status: "affected", version: "7.4.0", }, { status: "affected", version: "7.2.3", }, { lessThanOrEqual: "7.0.8", status: "affected", version: "7.0.7", versionType: "semver", }, { status: "affected", version: "6.4.12", }, ], }, ], descriptions: [ { lang: "en", value: "An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-672", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:10:00.156Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-239", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-239", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.9 or above \nPlease upgrade to FortiManager version 6.4.13 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-47571", datePublished: "2025-01-14T14:10:00.156Z", dateReserved: "2024-09-27T16:19:24.136Z", dateUpdated: "2025-02-18T21:36:03.768Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32115
Vulnerability from cvelistv5
Published
2025-01-14 14:10
Modified
2025-02-18 21:33
Severity ?
EPSS score ?
Summary
A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.13 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-32115", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T14:15:51.838520Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T21:33:30.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-23", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:10:01.318Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-097", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-097", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-32115", datePublished: "2025-01-14T14:10:01.318Z", dateReserved: "2024-04-11T12:09:46.570Z", dateUpdated: "2025-02-18T21:33:30.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-46665
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:57
Severity ?
EPSS score ?
Summary
An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-46665", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:15:36.897456Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:57:35.579Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.6.0", }, { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-201", description: "Information disclosure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:26.784Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-326", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-326", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-46665", datePublished: "2025-01-14T14:08:26.784Z", dateReserved: "2024-09-11T12:14:59.204Z", dateUpdated: "2025-01-14T20:57:35.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36504
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-02-18 21:38
Severity ?
EPSS score ?
Summary
An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.16 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36504", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T14:29:08.113154Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T21:38:19.515Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.8", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.16", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "Denial of service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:58.824Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-23-473", url: "https://fortiguard.fortinet.com/psirt/FG-IR-23-473", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-36504", datePublished: "2025-01-14T14:09:58.824Z", dateReserved: "2024-05-29T08:44:50.759Z", dateUpdated: "2025-02-18T21:38:19.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35277
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:56
Severity ?
EPSS score ?
Summary
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiManager |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35277", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-15T14:56:46.600702Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-15T14:56:56.325Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.12", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.14", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:54.348Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-135", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-135", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-35277", datePublished: "2025-01-14T14:09:54.348Z", dateReserved: "2024-05-14T21:15:19.189Z", dateUpdated: "2025-01-15T14:56:56.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37936
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:55
Severity ?
EPSS score ?
Summary
A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.
References
â–Ľ | URL | Tags |
---|---|---|
https://fortiguard.com/psirt/FG-IR-23-260 |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiSwitch |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.7 Version: 6.4.0 ≤ 6.4.13 Version: 6.2.0 ≤ 6.2.7 Version: 6.0.0 ≤ 6.0.7 cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-37936", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:18:43.351489Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:55:06.579Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSwitch", vendor: "Fortinet", versions: [ { status: "affected", version: "7.4.0", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.7", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.13", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.7", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.7", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-321", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:30.417Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-23-260", url: "https://fortiguard.com/psirt/FG-IR-23-260", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiSwitch version 7.4.1 or above\nPlease upgrade to FortiSwitch version 7.2.6 or above\nPlease upgrade to FortiSwitch version 7.0.8 or above\nPlease upgrade to FortiSwitch version 6.4.14 or above\nPlease upgrade to FortiSwitch version 6.2.8 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-37936", datePublished: "2025-01-14T14:09:30.417Z", dateReserved: "2023-07-11T08:16:54.093Z", dateUpdated: "2025-01-14T20:55:06.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54021
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-15 14:49
Severity ?
EPSS score ?
Summary
An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiOS |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.8 cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* |
||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-54021", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-15T14:49:26.902314Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-15T14:49:47.028Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.6.0", }, { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.8", status: "affected", version: "7.2.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.5", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.11", status: "affected", version: "7.2.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-113", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:48.859Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-282", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-282", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiSASE version 24.3.c or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.4.6 or above \nPlease upgrade to FortiProxy version 7.2.12 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-54021", datePublished: "2025-01-14T14:09:48.859Z", dateReserved: "2024-11-27T15:20:39.890Z", dateUpdated: "2025-01-15T14:49:47.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48886
Vulnerability from cvelistv5
Published
2025-01-14 14:09
Modified
2025-01-14 20:54
Severity ?
EPSS score ?
Summary
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.15 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48886", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:16:27.567437Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:54:42.523Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.8", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.15", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.4", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.10", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.17", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.14", status: "affected", version: "2.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:R", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1390", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:09:34.647Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-221", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-221", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above \nPlease upgrade to FortiOS version 7.0.16 or above \nPlease upgrade to FortiAnalyzer version 7.6.2 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.6.2 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.4 or above \nPlease upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiProxy version 7.4.5 or above \nPlease upgrade to FortiProxy version 7.2.11 or above \nPlease upgrade to FortiProxy version 7.0.18 or above \nPlease upgrade to FortiProxy version 2.0.15 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-48886", datePublished: "2025-01-14T14:09:34.647Z", dateReserved: "2024-10-09T09:03:09.960Z", dateUpdated: "2025-01-14T20:54:42.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42785
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
EPSS score ?
Summary
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.1 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.16 Version: 6.4.0 ≤ 6.4.15 Version: 6.2.0 ≤ 6.2.16 Version: 6.0.0 ≤ 6.0.18 cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-42785", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:15:23.669911Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:56:29.240Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.1", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.16", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.16", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.18", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "Denial of service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:47.926Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-23-293", url: "https://fortiguard.fortinet.com/psirt/FG-IR-23-293", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiSASE version 23.4.a or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.6 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-42785", datePublished: "2025-01-14T14:08:47.926Z", dateReserved: "2023-09-14T08:37:38.657Z", dateUpdated: "2025-01-14T20:56:29.240Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52963
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:57
Severity ?
EPSS score ?
Summary
A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.5 Version: 7.2.0 ≤ 7.2.13 Version: 7.0.0 ≤ 7.0.20 Version: 2.0.0 ≤ 2.0.14 |
|||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-52963", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:15:33.947500Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:57:21.296Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.5", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.13", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.20", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.14", status: "affected", version: "2.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.6.0", }, { lessThanOrEqual: "7.4.6", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.10", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.16", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiPAM", vendor: "Fortinet", versions: [ { lessThanOrEqual: "1.4.2", status: "affected", version: "1.4.0", versionType: "semver", }, { lessThanOrEqual: "1.3.1", status: "affected", version: "1.3.0", versionType: "semver", }, { status: "affected", version: "1.2.0", }, { lessThanOrEqual: "1.1.2", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.3", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:W/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "Denial of service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:31.001Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-373", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-373", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiOS version 7.6.1 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-52963", datePublished: "2025-01-14T14:08:31.001Z", dateReserved: "2024-11-18T13:36:52.465Z", dateUpdated: "2025-01-14T20:57:21.296Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35276
Vulnerability from cvelistv5
Published
2025-01-14 14:08
Modified
2025-01-14 20:56
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Fortinet | FortiAnalyzer |
Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:* |
||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35276", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:15:20.448933Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T20:56:14.257Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.12", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.14", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.5", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.12", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.14", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T14:08:50.740Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-165", url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-165", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiAnalyzer version 7.6.0 or above \nPlease upgrade to FortiAnalyzer version 7.4.4 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.0.13 or above \nPlease upgrade to FortiAnalyzer version 6.4.15 or above \nPlease upgrade to FortiManager Cloud version 7.4.4 or above \nPlease upgrade to FortiManager Cloud version 7.2.6 or above \nPlease upgrade to FortiManager Cloud version 7.0.12 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.4 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.6 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.0.12 or above \nPlease upgrade to FortiPortal version 6.0.16 or above \nPlease upgrade to FortiManager version 7.6.0 or above \nPlease upgrade to FortiManager version 7.4.4 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2024-35276", datePublished: "2025-01-14T14:08:50.740Z", dateReserved: "2024-05-14T21:15:19.189Z", dateUpdated: "2025-01-14T20:56:14.257Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.