Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-32116 Path Traversal vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
local
low complexity
fortinet CWE-22
6.0
2024-11-12 CVE-2024-32117 Path Traversal vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-22
4.9
2024-11-12 CVE-2024-32118 OS Command Injection vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
local
low complexity
fortinet CWE-78
6.7
2024-11-12 CVE-2024-33505 Out-of-bounds Write vulnerability in Fortinet Fortianalyzer, Fortimanager and Fortimanager Cloud
A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests
network
low complexity
fortinet CWE-787
7.3
2024-11-12 CVE-2024-33510 Unspecified vulnerability in Fortinet Fortios and Fortiproxy
An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.
network
low complexity
fortinet
4.3
2024-11-12 CVE-2024-35274 Path Traversal vulnerability in Fortinet Fortianalyzer
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.
local
low complexity
fortinet CWE-22
2.3
2024-11-12 CVE-2024-36507 Untrusted Search Path vulnerability in Fortinet Forticlient
A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.
local
low complexity
fortinet CWE-426
7.8
2024-11-12 CVE-2024-36509 Exposure of System Data to an Unauthorized Control Sphere vulnerability in Fortinet Fortiweb
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.
local
low complexity
fortinet CWE-497
4.4
2024-11-12 CVE-2024-36513 Privilege Context Switching Error vulnerability in Fortinet Forticlient
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.
local
low complexity
fortinet CWE-270
8.8
2024-11-12 CVE-2024-40592 Improper Verification of Cryptographic Signature vulnerability in Fortinet Forticlient
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.
local
high complexity
fortinet CWE-347
6.7