Vulnerabilities > Fortinet > High

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2023-40720 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortivoice
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
network
low complexity
fortinet CWE-639
7.1
2024-05-14 CVE-2023-44247 Double Free vulnerability in Fortinet Fortios
A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-415
7.2
2024-05-14 CVE-2023-45583 Use of Externally-Controlled Format String vulnerability in Fortinet products
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.
network
low complexity
fortinet CWE-134
7.2
2024-05-14 CVE-2023-46714 Stack-based Buffer Overflow vulnerability in Fortinet Fortios
A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-121
7.2
2024-05-14 CVE-2024-23105 Use of Less Trusted Source vulnerability in Fortinet Fortiportal
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
network
high complexity
fortinet CWE-348
7.5
2024-03-12 CVE-2023-42790 Stack-based Buffer Overflow vulnerability in Fortinet Fortios and Fortiproxy
A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
network
high complexity
fortinet CWE-121
8.1
2024-03-12 CVE-2023-46717 Improper Authentication vulnerability in Fortinet Fortios
An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.
network
low complexity
fortinet CWE-287
8.8
2024-03-12 CVE-2023-47534 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Forticlient Endpoint Management Server
A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet CWE-1236
8.8
2024-02-15 CVE-2023-45581 Unspecified vulnerability in Fortinet Forticlient Enterprise Management Server
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.
network
low complexity
fortinet
7.2
2024-01-10 CVE-2023-44250 Improper Privilege Management vulnerability in Fortinet Fortios and Fortiproxy
An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.
network
low complexity
fortinet CWE-269
8.8