Vulnerabilities > Fortinet > Fortianalyzer

DATE CVE VULNERABILITY TITLE RISK
2024-10-08 CVE-2024-45330 Unspecified vulnerability in Fortinet Fortianalyzer and Fortianalyzer Cloud
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
network
low complexity
fortinet
7.2
2024-09-10 CVE-2023-44254 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager
An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
network
low complexity
fortinet CWE-639
6.5
2024-08-13 CVE-2024-21757 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
local
low complexity
fortinet
7.8
2024-03-12 CVE-2023-41842 Unspecified vulnerability in Fortinet products
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
local
low complexity
fortinet
6.7
2024-02-15 CVE-2023-44253 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.
network
low complexity
fortinet
5.0
2023-11-14 CVE-2023-40719 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.
local
low complexity
fortinet
5.5
2023-10-20 CVE-2023-44256 Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
network
low complexity
fortinet CWE-918
6.5
2023-10-10 CVE-2023-25607 OS Command Injection vulnerability in Fortinet Fortiadc, Fortianalyzer and Fortimanager
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC  7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function.
local
low complexity
fortinet CWE-78
7.8
2023-10-10 CVE-2023-41838 OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.
local
low complexity
fortinet CWE-78
7.1
2023-10-10 CVE-2023-42782 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortianalyzer
A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.
network
low complexity
fortinet CWE-345
5.3