27
Open CVEs
1
Exploited
1
KEV
27
Unpatched
19
No Workaround
19
Internet-facing
Why this provider is risky now
This provider has 27 open CVE(s) in the last 14 days. 1 listed in CISA KEV (known exploited). 27 have no vendor patch. 19 affect internet-facing services. 4 impact the management/identity plane.
1 KEV
1 Exploited
27 Unpatched
4 Mgmt / Admin Plane
1 Public PoC
19 No Workaround
19 Internet-facing
Top Risky CVEs
Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The vulnerability stems from improper access control (CWE-284) and requires no user interaction or privileges (CVSS PR:N). With a CVSS score of 9.1 (Critical) and low attack complexity, this represents a severe exposure for organizations using affected FortiClientEMS versions. The CVSS temporal metrics indicate functional exploit code exists (E:F) with an official fix available (RL:O), making this a high-priority patching target despite no confirmed active exploitation (not present in CISA KEV).
Within 24 hours: Identify all FortiClientEMS installations and confirm versions 7.4.5 and 7.4.6 inventory; contact Fortinet for available patches or interim versions. Within 7 days: Apply vendor-released patch immediately upon availability; if unavailable, isolate affected FortiClientEMS servers from untrusted networks and restrict network access to administrative personnel only. Within 30 days: Complete deployment of patched FortiClientEMS version across all instances; conduct forensic analysis of systems for unauthorized access during unpatched exposure period.
Edge exposure
ICT dependency
Active exploitation
No patch available
Management plane
KEV
PoC
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing technique: authentication-bypass
- • Third-party ICT: Fortinet
- • Exploited in the wild (CISA KEV)
- • No patch available
- • Management plane (Improper Access Control)
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Fortinet (Network & Security)
- • Known exploited vulnerability (KEV)
- • No remediation available
- • Authentication / access control weakness
9.8
CVSS
0.0%
EPSS
124
Priority
OS command injection in Fortinet FortiSandbox 4.4.0 through 4.4.8 and FortiSandbox PaaS (versions 21.3 through 23.4) allows unauthenticated remote attackers to execute arbitrary commands or code via unsanitized input to vulnerable components. The CVSS 9.8 (Critical) score reflects network-accessible exploitation requiring no authentication or user interaction. No public exploit identified at time of analysis, though the vulnerability class (CWE-78) is commonly weaponized. Attack surface includes both on-premise FortiSandbox appliances and cloud-based PaaS offerings used for malware analysis.
Within 24 hours: Identify all FortiSandbox instances (on-premise and PaaS) in your environment and inventory their versions; immediately isolate or restrict network access to any instance running 4.4.0-4.4.8 or PaaS 21.3-23.4 unless critical business justification exists. Within 7 days: Contact Fortinet support to obtain patched versions and prioritize PaaS instances for upgrade (typically faster than on-premise); implement network segmentation so FortiSandbox has minimal lateral movement capability if compromised. Within 30 days: Complete upgrade of all affected instances to patched releases; verify successful patching via version confirmation and Fortinet's security advisories.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-78: OS Command Injection)
- • Third-party ICT: Fortinet
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
9.8
CVSS
0.3%
EPSS
54
Priority
Path traversal vulnerability in Fortinet FortiSandbox allows unauthenticated remote attackers to achieve privilege escalation with critical severity (CVSS 9.8). Affects FortiSandbox versions 4.4.0-4.4.8, 5.0.0-5.0.5, and FortiSandbox Cloud versions 23.4, 24.1, and 5.0.4-5.0.5. The vulnerability enables complete system compromise through network-accessible exploitation requiring no user interaction or privileges (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). No public exploit or active exploitation confirmed at time of analysis, though the straightforward attack complexity and network attack vector present significant risk to exposed FortiSandbox instances.
Within 24 hours: Inventory all FortiSandbox deployments, verify version numbers, and isolate any exposed instances from untrusted networks pending remediation. Within 7 days: Implement network segmentation to restrict FortiSandbox access to authorized personnel only, enable enhanced logging, and contact Fortinet for patch timeline. Within 30 days: Apply vendor-released patches immediately upon availability; if unavailable, engage Fortinet support for compensating controls or migration to patched versions.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing technique: path-traversal
- • Third-party ICT: Fortinet
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
9.8
CVSS
0.1%
EPSS
54
Priority
SQL injection in Fortinet FortiDDoS-F 7.2.1-7.2.2 allows authenticated remote attackers to execute unauthorized code or commands with high impact to confidentiality, integrity, and availability. The vulnerability resides in the web management interface and requires low attack complexity with no user interaction. No public exploit identified at time of analysis, with EPSS data not yet available for this recently disclosed CVE.
Within 24 hours: Inventory all Fortinet FortiDDoS-F installations and identify systems running versions 7.2.1 or 7.2.2; restrict administrative access to the web management interface to trusted networks only via firewall rules. Within 7 days: Contact Fortinet support for patch availability timeline and interim guidance; consider isolating affected FortiDDoS-F instances from production traffic if alternative DDoS mitigation capacity exists. Within 30 days: Apply vendor-released patch immediately upon availability; if no patch is released, evaluate migration to patched versions or alternative DDoS solutions.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing (CWE-89: SQL Injection)
- • Third-party ICT: Fortinet
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
8.8
CVSS
0.1%
EPSS
44
Priority
Remote code execution in Fortinet FortiAnalyzer Cloud and FortiManager Cloud versions 7.6.2 through 7.6.4 allows unauthenticated remote attackers to execute arbitrary code via crafted network requests exploiting a heap-based buffer overflow (CWE-122). Attack complexity is rated high due to ASLR and network segmentation defenses requiring significant exploitation preparation. CVSS score of 8.1 reflects the critical impact despite defensive barriers. No public exploit identified at time of analysis, though the vulnerability's disclosure by Fortinet suggests patch availability through their security advisory FG-IR-26-121.
Within 24 hours: Verify which FortiAnalyzer Cloud and FortiManager Cloud instances are running versions 7.6.2, 7.6.3, or 7.6.4 in your environment; contact Fortinet support directly regarding patch status and timeline for advisory FG-IR-26-121. Within 7 days: Apply patches to all affected instances immediately upon availability or implement network-level mitigations if patching is delayed. Within 30 days: Complete patching of all in-scope systems and validate remediation through Fortinet security advisories.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing technique: rce
- • Third-party ICT: Fortinet
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
8.1
CVSS
0.1%
EPSS
40
Priority
Authentication bypass in Fortinet FortiSOAR allows unauthenticated remote attackers to circumvent two-factor authentication (2FA) protections via replay attacks against intercepted authentication tokens. Affects both PaaS and on-premise deployments of FortiSOAR versions 7.5.0-7.5.2 and 7.6.0-7.6.3. Successful exploitation requires network positioning to intercept and decrypt authentication traffic, then replay captured 2FA requests before token expiration (CVSS:3.1/AV:N/AC:H/PR:N/UI:R). EPSS data not available; no public exploit code or CISA KEV listing identified at time of analysis, though the precise attack requirements (traffic interception, decryption, timing) increase complexity beyond simple network access.
Within 24 hours: Identify all FortiSOAR instances in use and document versions and deployment type (PaaS or on-premise); implement network segmentation to restrict access to FortiSOAR management interfaces to trusted security personnel only. Within 7 days: Contact Fortinet support for fixed version availability timeline; plan upgrade testing in isolated environment. Within 30 days: Upgrade all affected instances to a patched version once released by Fortinet; conduct security audit of authentication logs for suspicious token replay activity during the interim period.
Edge exposure
ICT dependency
No patch available
Management plane
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing (CWE-287: Improper Authentication)
- • Third-party ICT: Fortinet
- • No patch available
- • Management plane (Improper Authentication)
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
- • Authentication / access control weakness
7.5
CVSS
0.1%
EPSS
38
Priority
Out-of-bounds write in FortiWeb administrative interface enables authenticated remote code execution on web application firewall appliances. Affects FortiWeb 7.4.0-7.4.11, 7.6.0-7.6.6, and 8.0.0-8.0.3. CVSS 7.2 indicates high-privilege authenticated network attack with low complexity. No public exploit identified at time of analysis, though the incomplete advisory description ('<insert attack vector here>') suggests disclosure may be pending or sanitized. Memory corruption class (CWE-787) typically enables arbitrary code execution, confirmed by CVSS impact ratings (High C/I/A). EPSS data not available for risk probability assessment.
Within 24 hours: inventory all FortiWeb deployments and document versions (7.4.0-7.4.11, 7.6.0-7.6.6, 8.0.0-8.0.3); disable or restrict network access to administrative interfaces via firewall rules to non-essential personnel only. Within 7 days: implement strict administrative account controls (enforce MFA, audit active admin sessions, disable unused accounts) and monitor FortiWeb logs for abnormal authentication patterns. Within 30 days: engage Fortinet support for patch availability confirmation and prepare upgrade paths to the next patched release; test and deploy patched versions as soon as released.
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Fortinet
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • HIGH severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
7.2
CVSS
0.4%
EPSS
36
Priority
SQL injection in Fortinet FortiAnalyzer and FortiManager versions 7.0-7.6 allows privileged authenticated attackers to execute unauthorized code or commands via the JSON RPC API. This affects both on-premises and cloud variants across multiple major version branches (7.0, 7.2, 7.4, 7.6). The vulnerability requires high-privilege authentication (CVSS PR:H) but is remotely exploitable with low attack complexity. No public exploit identified at time of analysis, though the network attack vector and code execution capability make this a priority for organizations running affected Fortinet management infrastructure.
Within 24 hours: Inventory all FortiAnalyzer and FortiManager instances running versions 7.0, 7.2, 7.4, or 7.6 and restrict JSON RPC API access to trusted internal networks only via firewall rules. Within 7 days: Implement enhanced monitoring and audit logging for all administrative account activity on affected systems, and review admin account credentials for any signs of compromise. Within 30 days: Contact Fortinet support to obtain and deploy security patches when available; if patches remain unavailable, evaluate migration to patched versions or alternative management solutions.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing (CWE-89: SQL Injection)
- • Third-party ICT: Fortinet
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
7.2
CVSS
0.0%
EPSS
36
Priority
6.7
CVSS
0.0%
EPSS
34
Priority
Local privilege escalation in Fortinet FortiWeb 7.0.10-8.0.2 allows high-privileged local attackers to execute arbitrary code or commands through relative path traversal, exploiting improper file path validation with CVSS 6.7 (high confidentiality, integrity, and availability impact). No public exploit code or active exploitation confirmed at time of analysis.
Edge exposure
ICT dependency
Why flagged?
6.7
CVSS
0.0%
EPSS
34
Priority
By Exposure
Internet-facing
19
Mgmt / Admin Plane
4
Identity / Auth
3
Internal only
7
By Exploitability
Known exploited
1
Public PoC
1
High EPSS (>30%)
0
Remote unauthenticated
6
Local only
5
By Remediation
Patch available
0
No patch
27
Workaround available
8
No workaround
19
Affected Services / Product Families
Fortinet
27 CVE(s)
+ 17 more