Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2023-36640 Use of Externally-Controlled Format String vulnerability in Fortinet Fortios and Fortiproxy
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands
local
low complexity
fortinet CWE-134
6.7
2024-05-14 CVE-2023-40720 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortivoice
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
network
low complexity
fortinet CWE-639
7.1
2024-05-14 CVE-2023-44247 Double Free vulnerability in Fortinet Fortios
A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-415
7.2
2024-05-14 CVE-2023-45583 Use of Externally-Controlled Format String vulnerability in Fortinet products
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.
network
low complexity
fortinet CWE-134
7.2
2024-05-14 CVE-2023-45586 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortios and Fortiproxy
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.
network
low complexity
fortinet CWE-345
5.0
2024-05-14 CVE-2023-46714 Stack-based Buffer Overflow vulnerability in Fortinet Fortios
A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-121
7.2
2024-05-14 CVE-2023-50180 Exposure of System Data to an Unauthorized Control Sphere vulnerability in Fortinet Fortiadc
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins.
local
low complexity
fortinet CWE-497
5.5
2024-05-14 CVE-2024-23105 Use of Less Trusted Source vulnerability in Fortinet Fortiportal
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
network
high complexity
fortinet CWE-348
7.5
2024-03-12 CVE-2023-36554 Improper Access Control vulnerability in Fortinet Fortimanager
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
network
low complexity
fortinet CWE-284
critical
9.8
2024-03-12 CVE-2023-41842 Use of Externally-Controlled Format String vulnerability in Fortinet products
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
local
low complexity
fortinet CWE-134
6.7