Fortinet Latest Vulnerabilities

December 19

Relative Path Traversal Vulnerability in FortiWAN Products

CVE-2021-26102
Fortinet | Fortiwan | 9.8 | CRITICAL

Use After Free Vulnerability in Fortinet FortiManager and FortiAnalyzer

CVE-2021-32589
Fortinet | Fortimanager | 7.7 | HIGH

OS Command Injection Vulnerability in FortiWAN Products

CVE-2021-26115
Fortinet | Fortiwan | 7.6 | HIGH

Local Privilege Escalation Vulnerability in FortiClient for Linux

CVE-2020-15934
Fortinet | Forticlientlinux | 8.6 | HIGH

Buffer Overflow Vulnerability in FortiOS Products

CVE-2020-12820
Fortinet | FortiOS | 5.4 | MEDIUM

Local Access Control Vulnerability in Fortinet's Wireless Controller Products

CVE-2021-26093
Fortinet | Fortiwlc | 6.6 | MEDIUM

Heap-Based Buffer Overflow Vulnerability in Fortinet's FortiGate SSL VPN

CVE-2020-12819
Fortinet | FortiOS | 5.4 | MEDIUM

December 18

CVE-2024-48889
Fortinet | Fortimanager | 7.2 | HIGH

Path Traversal Vulnerability in Fortinet FortiWLM

CVE-2023-34990
Fortinet | Fortiwlm 👾 | 9.6 | CRITICAL

November 13

Low-privilege attacker can execute arbitrary code with high privileges via spoofed named pipe messages

CVE-2024-47574
Fortinet 👾

November 12

CVE-2024-40592
Fortinet | Forticlient | 6.7 | MEDIUM

CVE-2024-36509
Fortinet | Fortiweb | 4.4 | MEDIUM

CVE-2024-36507
Fortinet | Forticlient | 7.8 | HIGH

CVE-2024-26011
Fortinet | FortiOS | 9.8 | CRITICAL

CVE-2024-36513
Fortinet | Forticlient | 8.8 | HIGH

Potential Exposure of Sensitive Information Through Crafted HTTP or HTTPS Requests

CVE-2023-44255
Fortinet | Fortimanager | 3.9 | LOW

Auth Bypass via User-Controlled Key Vulnerability

CVE-2023-47543
Fortinet | Fortiportal | 5.1 | MEDIUM

Session Fixation Vulnerability in Fortinet FortiOS Could Lead to Unauthorized Code Execution

CVE-2023-50176
Fortinet | FortiOS | 8.8 | HIGH

October 23

Specially crafted requests can execute arbitrary code or commands in FortiManager

CVE-2024-47575
Fortinet | Fortimanager 🔥😄👾 | 9.8 | CRITICAL

October 8

External Control of Privileges via Format String Flaw in FortiAnalyzer

CVE-2024-45330
Fortinet | Fortianalyzer | 7.2 | HIGH

Unauthorized Access to Sensitive Information via Crafted HTTP Requests

CVE-2024-33506
Fortinet | Fortimanager | 3.1 | LOW

September 11

Brute Force Attack Through Change Password Endpoint

CVE-2024-45327
Fortinet | Fortisoar | 7.1 | HIGH

September 10

Improper Certificate Validation Vulnerability May Allow Unauthenticated MITM Attack on SAML SSO Feature

CVE-2022-45856
Fortinet | ForticlientiOS | 5.9 | MEDIUM

FortiClientEMS Vulnerability Allows Path Traversal and Denial of Service

CVE-2024-21753
Fortinet | Forticlientems | 6 | MEDIUM

FortiClient Zero-Day Vulnerability Allows Remote Man-in-the-Middle Attacks

CVE-2024-31489
Fortinet | Forticlientmac | 8.1 | HIGH

Potential vulnerability in FortiADC WAF could allow unauthorized access to encrypted and signed cookies

CVE-2024-36511
Fortinet | Fortiadc | 3.7 | LOW

Vulnerability in Cleartext Storage of Sensitive Information Could Lead to Password Theft

CVE-2024-35282
Fortinet | ForticlientiOS | 4.6 | MEDIUM

Unauthenticated Command Injection Vulnerability in FortiClientEMS

CVE-2024-33508
Fortinet | Forticlientems | 7.3 | HIGH

Remote Sensitive Data Read with Low Privileges

CVE-2023-44254
Fortinet | Fortianalyzer | 6.5 | MEDIUM

FortiSandbox vulnerability exposes sensitive information to unauthorized actors via HTTP GET requests

CVE-2024-31490
Fortinet | Fortisandbox | 6.5 | MEDIUM

Admin Access to Backend Logs of Other Organizations via REST API

CVE-2024-45323
Fortinet | Fortiedr Manager | 2.7 | LOW

August 13

FortiManager Password Modification Vulnerability

CVE-2024-21757
Fortinet | Fortimanager | 7.8 | HIGH

Fortinet's FortiDDoS Vulnerable to Command Injection Attacks

CVE-2022-27486
Fortinet | Fortiddos | 7.8 | HIGH

Insufficient Session Expiration Vulnerability Affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager

CVE-2022-45862
Fortinet | Fortipam | 8.8 | HIGH

Improper Access Control Vulnerability May Allow Bypass of File Integrity Checking System

CVE-2024-36505
Fortinet | FortiOS | 5.5 | MEDIUM

Arbitrary Web Script or HTML Injection in FortiSOAR 7.3.0-7.3.2

CVE-2023-26211
Fortinet | Fortisoar | 9 | CRITICAL

July 9

CVE-2024-21759
Fortinet | Fortiportal | 4.3 | MEDIUM

CVE-2023-50181
Fortinet | Fortiadc | 6.5 | MEDIUM

CVE-2024-27783
Fortinet | Fortiaiops | 8.8 | HIGH

Improper Access Control in FortiExtender Could Lead to Elevated Privileges

CVE-2024-23663
Fortinet | Fortiextender Firmware | 8.8 | HIGH

CVE-2024-26015
Fortinet | Fortiproxy | 4.7 | MEDIUM

CVE-2023-50179
Fortinet | Fortiadc | 5.9 | MEDIUM

CVE-2024-27784
Fortinet | Fortiaiops | 6.5 | MEDIUM

CVE-2024-27785
Fortinet | Fortiaiops | 6.5 | MEDIUM

CVE-2023-50178
Fortinet | Fortiadc | 7.4 | HIGH

CVE-2024-27782
Fortinet | Fortiaiops | 9.8 | CRITICAL

CVE-2024-33509
Fortinet | Fortiweb | 4.8 | MEDIUM

June 11

CVE-2024-26010
Fortinet | Fortipam | 7.5 | HIGH

FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups

CVE-2024-21754
Fortinet | Fortiproxy | 4.4 | MEDIUM

Unauthorized Code Execution via SQL Injection in FortiSOAR

CVE-2023-23775
Fortinet | Fortisoar | 5.9 | MEDIUM

Buffer Overflow Vulnerability in FortiOS Could Allow Execution of Unauthorized Code or Commands

CVE-2023-46720
Fortinet | FortiOS | 7.8 | HIGH

FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups

CVE-2024-23111
Fortinet | FortiOS 👾 | 4.8 | MEDIUM

Buffer Overflow Vulnerability in FortiOS Could Lead to Unauthorized Code Execution

CVE-2024-23110
Fortinet | FortiOS | 7.8 | HIGH

Fortinet FortiPortal SQL Injection Vulnerability Allows Unauthorized Information Access

CVE-2024-31495
Fortinet | Fortiportal | 3.9 | LOW

June 5

Unauthorized Code Execution Vulnerability in FortiWebManager

CVE-2024-23669
Fortinet | Fortiwebmanager | 8.8 | HIGH

June 3

Unauthorized ADOM Operations via Crafted Requests

CVE-2024-23665
Fortinet | Fortiweb | 8.8 | HIGH

Fortinet FortiAuthenticator Open Redirect Vulnerability

CVE-2024-23664
Fortinet | Fortiauthenticator | 5.8 | MEDIUM

Unauthorized Code Execution Vulnerability in FortiWebManager

CVE-2024-23667
Fortinet | Fortiwebmanager | 8.8 | HIGH

Unauthorized Code Execution Vulnerability in FortiWebManager

CVE-2024-23668
Fortinet | Fortiwebmanager | 8.8 | HIGH

Unauthorized Code Execution Vulnerability in FortiWebManager

CVE-2024-23670
Fortinet | Fortiwebmanager | 8.8 | HIGH

FortiPortal Vulnerability Allows Improper Access Control via Crafted HTTP Requests

CVE-2023-48789
Fortinet | Fortiportal | 4.1 | MEDIUM

Plain-text Connector Passwords Vulnerability

CVE-2024-31493
Fortinet | Fortisoar | 6 | MEDIUM

Unauthorized Access to Sensitive Information in FortiWeb Products

CVE-2024-23107
Fortinet | Fortiweb | 5.5 | MEDIUM

May 14

CVE-2023-36640
Fortinet | Fortiproxy | 6.7 | MEDIUM

CVE-2023-45583
Fortinet | Fortiproxy | 7.2 | HIGH

CVE-2024-23105
Fortinet | Fortiportal | 7.5 | HIGH

CVE-2023-50180
Fortinet | Fortiadc | 5.2 | MEDIUM

CVE-2023-46714
Fortinet | FortiOS | 7.2 | HIGH

CVE-2023-44247
Fortinet | FortiOS | 7.2 | HIGH

CVE-2023-40720
Fortinet | Fortivoice | 7.1 | HIGH

CVE-2023-45586
Fortinet | Fortiproxy | 4.7 | MEDIUM

CVE-2024-26007
Fortinet | FortiOS | 7.5 | HIGH

CVE-2024-31488
Fortinet | Fortinac | 6.1 | MEDIUM

CVE-2024-31491
Fortinet | Fortisandbox | 8.6 | HIGH

April 10

Arbitrary Code Execution Vulnerability in FortiClientMac Installer

CVE-2024-31492
Fortinet | Forticlientmac | 7.8 | HIGH

April 9

FortiSandbox Command Injection Vulnerability

CVE-2024-21755
Fortinet | Fortisandbox | 8.6 | HIGH

Arbitrary Code Execution Vulnerability in FortiOS Command Line Interface

CVE-2023-48784
Fortinet | FortiOS | 6.1 | MEDIUM

FortiManager Template Engine Vulnerability Allows Unauthorized Code Execution

CVE-2023-47542
Fortinet | Fortimanager | 6.3 | MEDIUM

FortiSandbox Command Injection Vulnerability

CVE-2024-21756
Fortinet | Fortisandbox | 8.6 | HIGH

FortiSandbox Command Injection Vulnerability

CVE-2023-47540
Fortinet | Fortisandbox | 6.5 | MEDIUM

FortiSandbox Path Traversal Vulnerability Could Lead to Information Disclosure

CVE-2024-31487
Fortinet | Fortisandbox | 5.8 | MEDIUM

Unauthorized Code Execution via Targeted Social Engineering Attack

CVE-2023-41677
Fortinet | FortiOS | 8.8 | HIGH

FortiSandbox Path Traversal Vulnerability Allows Unauthorized Code Execution

CVE-2024-23671
Fortinet | Fortisandbox | 7.9 | HIGH

CVE-2023-47541
Fortinet | Fortisandbox | 6.5 | MEDIUM

FortiClientLinux Code Injection Vulnerability Allows Unauthorized Code Execution

CVE-2023-45590
Fortinet | Forticlientlinux | 9.4 | CRITICAL

Fortinet FortiOS Information Disclosure Vulnerability

CVE-2024-23662
Fortinet | FortiOS | 7.5 | HIGH

March 12

Unauthorized Code Execution Vulnerability in FortiClientEMS

CVE-2023-47534
Fortinet | Forticlientems | 8.7 | HIGH

Improper Authentication Vulnerability in FortiOS Could Allow Read-Write Access via Successive Login Attempts

CVE-2023-46717
Fortinet | FortiOS | 6.7 | MEDIUM

FortiClientEMS SQL Injection Vulnerability Allows Unauthorized Code Execution

CVE-2023-48788
Fortinet | Forticlientems 🔥😄👾 | 9.3 | CRITICAL

Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution via HTTP Requests

CVE-2023-42789
Fortinet | FortiOS 👾 | 9.3 | CRITICAL

Authorization Bypass through User-Controlled Key Vulnerability

CVE-2024-23112
Fortinet | Fortios | 4.3 | MEDIUM

Buffer Overflow Vulnerability in FortiOS Could Allow Execution of Unauthorized Code

CVE-2023-42790
Fortinet | FortiOS | 7.7 | HIGH

Improper Authorization Vulnerability in FortiPortal Could Allow Download of Other Organizations' Reports

CVE-2024-21761
Fortinet | Fortiportal | 3.9 | LOW

FortiManager Vulnerability Allows Privileged Attacker to Execute Unauthorized Code

CVE-2023-41842
Fortinet | Fortimanager | 6.3 | MEDIUM

Unauthorized Code Execution Vulnerability in FortiManager

CVE-2023-36554
Fortinet | Fortimanager | 7.7 | HIGH

February 22

Fortinet FortiOS Vulnerability Allows Denial of Service via Specially Crafted HTTP Requests

CVE-2023-29180
Fortinet | FortiOS | 7.5 | HIGH

Fortinet FortiOS Vulnerability Allows Denial of Service via Specially Crafted HTTP Requests

CVE-2023-29179
Fortinet | Fortiproxy | 6.5 | MEDIUM

CVE-2023-29181
Fortinet | Fortipam | 8.8 | HIGH

February 20

Fortinet FortiManager Path Traversal Vulnerability Allows Unauthorized Code Execution

CVE-2023-42791
Fortinet | FortiManager | 8.8 | HIGH

February 15

Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution

CVE-2024-23113
Fortinet | Fortiswitchmanager 🔥😄👾 | 9.8 | CRITICAL