Skip to main content

Fortianalyzer

64 CVEs product

Monthly

CVE-2026-22572 HIGH This Week

MFA bypass in Fortinet FortiManager and FortiAnalyzer 7.2.2-7.6.3 allows attackers with valid admin credentials to disable multifactor authentication through specially crafted repeated requests. This authentication bypass (CWE-288) affects multiple product lines including FortiManager Cloud, creating high risk for unauthorized administrative access. No patch is currently available, leaving affected systems vulnerable to MFA circumvention attacks.

Fortinet Authentication Bypass Fortimanager Fortianalyzer Fortimanager Cloud
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-68482 MEDIUM This Month

A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack. [CVSS 6.9 MEDIUM]

Fortinet Fortimanager Fortianalyzer
NVD VulDB
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-49784 MEDIUM This Month

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. [CVSS 6.0 MEDIUM]

Fortinet SQLi Fortianalyzer Big Data Fortianalyzer
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-48418 MEDIUM This Month

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command. [CVSS 6.7 MEDIUM]

Fortinet Fortimanager Fortianalyzer Cloud Fortianalyzer Fortimanager Cloud
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-52962 MEDIUM This Month

An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-50565 LOW Monitor

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiweb Fortivoice Fortiproxy +3
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2024-26013 HIGH This Week

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer Fortimanager Fortios +3
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-25610 CRITICAL Act Now

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

RCE Fortinet Fortiweb Fortiswitchmanager Fortiswitch +5
NVD
CVSS 3.1
9.8
EPSS
16.0%
CVE-2024-40585 MEDIUM This Month

An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52966 LOW Monitor

An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2024-40584 HIGH This Week

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortimanager Cloud Fortimanager Fortianalyzer Big Data +2
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-36508 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortimanager Fortianalyzer
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-50563 HIGH This Month

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortianalyzer Fortianalyzer Cloud Fortimanager +1
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-45331 HIGH This Week

Local privilege escalation in Fortinet FortiAnalyzer, FortiManager and their Cloud variants allows an already-authenticated low-privileged user to run specific shell commands that grant elevated privileges (CWE-266, incorrect privilege assignment). The flaw spans multiple 6.4 through 7.4 branches and carries a 7.8 CVSS score with high confidentiality, integrity and availability impact. There is no public exploit identified at time of analysis and EPSS is low (0.18%), consistent with a local-only, post-authentication issue rather than a remotely wormable one.

Privilege Escalation Fortinet Fortianalyzer Fortianalyzer Cloud Fortimanager +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-48886 CRITICAL This Week

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fortinet Fortianalyzer Fortianalyzer Cloud Fortimanager +3
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-36512 HIGH This Month

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer Fortimanager
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-35276 CRITICAL Act Now

Remote code execution in Fortinet FortiManager and FortiAnalyzer (plus their Cloud variants) arises from a stack-based buffer overflow (CWE-121) reachable via specially crafted packets, letting an attacker run unauthorized code or OS commands on the management appliance. Affected trains span 6.4, 7.0, 7.2, and 7.4 across on-prem and Cloud editions. The CVSS vector rates this 9.8 with PR:N (network, no authentication), though the low EPSS (0.17%, 38th percentile) and absence of KEV/POC signals indicate no public exploit identified at time of analysis despite the critical rating.

Stack Overflow Buffer Overflow Fortinet Fortianalyzer Fortianalyzer Cloud +2
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-35275 MEDIUM This Month

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Fortinet SQLi Fortianalyzer Fortianalyzer Cloud +2
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-35273 HIGH This Month

A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Fortinet Fortianalyzer +3
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-33503 HIGH This Week

Local privilege escalation in Fortinet FortiManager (6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, 7.4.0-7.4.3) and FortiAnalyzer (6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, 7.4.0-7.4.2), including their Cloud variants, lets an attacker who already holds low-privilege CLI/shell access run specific shell commands to gain elevated privileges. Full confidentiality, integrity, and availability impact result, effectively giving an attacker administrative control of the management appliance. No public exploit identified at time of analysis; the low EPSS score (0.03%, 9th percentile) indicates minimal current exploitation activity.

Privilege Escalation Fortinet Fortianalyzer Fortianalyzer Cloud Fortimanager +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-33502 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-35274 LOW Monitor

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
2.3
EPSS
0.2%
CVE-2024-33505 HIGH This Week

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Fortinet Privilege Escalation Fortianalyzer +2
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-32118 MEDIUM This Month

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-32117 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2024-32116 MEDIUM This Month

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-31496 MEDIUM This Month

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow Fortianalyzer Fortianalyzer Big Data +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-23666 HIGH This Week

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2024-45330 HIGH This Week

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Fortianalyzer Fortianalyzer Cloud
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-21757 HIGH This Week

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-40719 MEDIUM This Month

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer Fortimanager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-44256 MEDIUM POC This Month

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Path Traversal SSRF Information Disclosure Fortianalyzer +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-44249 MEDIUM This Month

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer Fortimanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-42788 MEDIUM POC This Month

An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fortianalyzer Fortimanager
NVD GitHub
CVSS 3.1
6.7
EPSS
1.3%
CVE-2023-42787 MEDIUM POC This Month

A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet RCE Fortianalyzer Fortimanager
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-42782 MEDIUM This Month

A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortianalyzer
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-41838 HIGH This Week

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortianalyzer Fortimanager
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-25607 HIGH This Week

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortiadc Fortianalyzer Fortimanager
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2023-36638 MEDIUM This Month

An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortianalyzer Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-25606 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25609 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-22642 HIGH This Week

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-25611 HIGH This Week

A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-23776 LOW Monitor

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Fortianalyzer
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2022-38377 LOW PATCH Monitor

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Fortianalyzer Fortimanager
NVD
CVSS 3.1
2.7
EPSS
0.5%
CVE-2022-39950 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortimanager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-26121 MEDIUM This Month

An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-26118 MEDIUM PATCH This Month

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-22300 HIGH This Week

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer Fortimanager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-42757 MEDIUM This Month

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Fortinet Fortiadc Fortianalyzer +11
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-36170 LOW Monitor

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
3.2
EPSS
0.2%
CVE-2021-24021 MEDIUM This Month

An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-32597 MEDIUM This Month

Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortimanager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-32587 MEDIUM This Month

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-32603 MEDIUM This Month

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-32598 MEDIUM This Month

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-24022 MEDIUM This Month

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Fortianalyzer Fortimanager
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-12815 MEDIUM This Month

An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortitester
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-12811 MEDIUM This Month

An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12817 HIGH This Week

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortitester
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-9289 HIGH This Week

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-6640 MEDIUM This Month

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2018-1355 MEDIUM This Month

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Open Redirect Fortianalyzer Fortimanager
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-1354 MEDIUM This Month

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer Fortimanager
NVD
CVSS 3.0
6.5
EPSS
1.7%
EPSS 0% CVSS 7.2
HIGH This Week

MFA bypass in Fortinet FortiManager and FortiAnalyzer 7.2.2-7.6.3 allows attackers with valid admin credentials to disable multifactor authentication through specially crafted repeated requests. This authentication bypass (CWE-288) affects multiple product lines including FortiManager Cloud, creating high risk for unauthorized administrative access. No patch is currently available, leaving affected systems vulnerable to MFA circumvention attacks.

Fortinet Authentication Bypass Fortimanager +2
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack. [CVSS 6.9 MEDIUM]

Fortinet Fortimanager Fortianalyzer
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. [CVSS 6.0 MEDIUM]

Fortinet SQLi Fortianalyzer Big Data +1
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command. [CVSS 6.7 MEDIUM]

Fortinet Fortimanager Fortianalyzer Cloud +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
EPSS 0% CVSS 3.1
LOW Monitor

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiweb +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer +5
NVD
EPSS 16% CVSS 9.8
CRITICAL Act Now

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

RCE Fortinet Fortiweb +7
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
EPSS 0% CVSS 2.3
LOW Monitor

An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer
NVD
EPSS 0% CVSS 7.2
HIGH This Week

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortimanager Cloud +4
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortimanager +1
NVD
EPSS 0% CVSS 7.3
HIGH This Month

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortianalyzer +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Fortinet FortiAnalyzer, FortiManager and their Cloud variants allows an already-authenticated low-privileged user to run specific shell commands that grant elevated privileges (CWE-266, incorrect privilege assignment). The flaw spans multiple 6.4 through 7.4 branches and carries a 7.8 CVSS score with high confidentiality, integrity and availability impact. There is no public exploit identified at time of analysis and EPSS is low (0.18%), consistent with a local-only, post-authentication issue rather than a remotely wormable one.

Privilege Escalation Fortinet Fortianalyzer +3
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL This Week

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fortinet Fortianalyzer +5
NVD
EPSS 1% CVSS 7.2
HIGH This Month

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in Fortinet FortiManager and FortiAnalyzer (plus their Cloud variants) arises from a stack-based buffer overflow (CWE-121) reachable via specially crafted packets, letting an attacker run unauthorized code or OS commands on the management appliance. Affected trains span 6.4, 7.0, 7.2, and 7.4 across on-prem and Cloud editions. The CVSS vector rates this 9.8 with PR:N (network, no authentication), though the low EPSS (0.17%, 38th percentile) and absence of KEV/POC signals indicate no public exploit identified at time of analysis despite the critical rating.

Stack Overflow Buffer Overflow Fortinet +4
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Fortinet SQLi +4
NVD
EPSS 0% CVSS 7.2
HIGH This Month

A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Fortinet FortiManager (6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, 7.4.0-7.4.3) and FortiAnalyzer (6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, 7.4.0-7.4.2), including their Cloud variants, lets an attacker who already holds low-privilege CLI/shell access run specific shell commands to gain elevated privileges. Full confidentiality, integrity, and availability impact result, effectively giving an attacker administrative control of the management appliance. No public exploit identified at time of analysis; the low EPSS score (0.03%, 9th percentile) indicates minimal current exploitation activity.

Privilege Escalation Fortinet Fortianalyzer +3
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer +1
NVD
EPSS 0% CVSS 2.3
LOW Monitor

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Fortinet +4
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Fortianalyzer +2
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortianalyzer +2
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow +3
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortianalyzer +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Fortianalyzer +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortianalyzer +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Path Traversal SSRF +3
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer +1
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM POC This Month

An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fortianalyzer Fortimanager
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet RCE Fortianalyzer +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortianalyzer
NVD
EPSS 1% CVSS 7.1
HIGH This Week

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortiadc Fortianalyzer +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortianalyzer Fortimanager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
EPSS 0% CVSS 8.1
HIGH This Week

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortianalyzer Fortimanager
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer
NVD
EPSS 0% CVSS 3.1
LOW Monitor

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Fortianalyzer
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Fortinet +13
NVD
EPSS 0% CVSS 3.2
LOW Monitor

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Fortianalyzer +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Fortianalyzer +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortitester
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortimanager
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortitester
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Fortianalyzer +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Open Redirect Fortianalyzer +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy