Skip to main content

Fortios

164 CVEs product

Monthly

CVE-2026-59840 MEDIUM This Month

Buffer over-read in Fortinet FortiOS and FortiProxy exposes sensitive memory contents to authenticated network attackers across multiple product lines including FortiPAM and FortiSwitchManager. The flaw, rooted in CWE-126 (buffer over-read), allows low-privileged remote users to read beyond allocated buffer boundaries, resulting in partial information disclosure with no integrity or availability impact. No active exploitation confirmed in CISA KEV, but the CVSS temporal vector includes E:P indicating proof-of-concept exploit code exists, and an official fix is available per RL:O.

Fortinet Buffer Overflow Information Disclosure Fortios Fortipam +2
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-43892 MEDIUM This Month

FortiOS across the 7.2, 7.4, and 7.6 release trains leaks portions of device runtime memory to authenticated remote attackers via a buffer over-read in redirect response handling. Exploitation requires valid credentials but no elevated privileges, and proof-of-concept code exists (CVSS temporal E:P). An official vendor fix is confirmed available (RL:O), though unpatched instances of FortiOS 7.2.x, 7.4.0-7.4.8, and 7.6.0-7.6.2 remain at risk of sensitive memory disclosure - a consequential exposure given that FortiOS processes session tokens, credentials, and cryptographic material at runtime.

Fortinet Buffer Overflow Fortios
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-23573 MEDIUM This Month

Reflected or stored cross-site scripting in Fortinet FortiOS, FortiPAM, and FortiProxy web interfaces allows a remote unauthenticated attacker to execute JavaScript in the browser session of an authenticated administrator via crafted HTTP requests. The CVSS temporal metric E:P confirms publicly available proof-of-concept exploit code exists, and the RL:O metric confirms Fortinet has released an official fix. No active exploitation has been confirmed by CISA KEV at time of analysis, but the combination of a POC and the high-value targets (network security appliances and privileged access management systems) elevates real-world risk beyond what the base CVSS score of 6.1 suggests.

Fortinet XSS Fortios Fortiproxy Fortipam
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-59839 MEDIUM This Month

Path traversal (CWE-22) in Fortinet FortiOS, FortiProxy, and FortiPAM enables a highly-privileged, physically-present attacker to execute unauthorized code or commands by escaping restricted directory boundaries. The vendor-supplied CVSS vector (AV:P/PR:H) constrains exploitation to scenarios requiring both physical device access and high-level credentials, making opportunistic or remote mass exploitation implausible. A proof-of-concept exists per the CVSS temporal indicator (E:P), and Fortinet has released an official fix per PSIRT advisory FG-IR-26-151; this vulnerability is not currently listed in the CISA KEV catalog.

Fortinet Path Traversal Fortiproxy Fortios Fortipam
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-62826 MEDIUM This Month

HTTP Response Splitting in Fortinet FortiOS and FortiProxy captive portal authentication flows enables a man-in-the-middle attacker to inject arbitrary HTTP headers into intercepted authentication requests. Affected platforms span FortiOS 7.2-7.6.4 and FortiProxy 7.2-7.6.4. The CVSS temporal vector includes E:P, confirming proof-of-concept exploit code exists; however, no active exploitation has been confirmed via CISA KEV. The RL:O temporal indicator confirms an official remediation is available per vendor advisory FG-IR-26-153.

Fortinet Code Injection Fortipam Fortiproxy Fortios
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-62675 MEDIUM This Month

HTTP Response Splitting in Fortinet FortiOS and FortiProxy enables an attacker who holds a valid web filter override token to inject arbitrary HTTP headers into server responses by tricking a user into clicking a crafted link. Affected versions span FortiOS 7.2 through 7.6.4 and FortiProxy 7.2 through 7.6.4. No active exploitation has been confirmed by CISA KEV, though the CVSS temporal vector includes E:P, indicating partial proof-of-concept evidence exists. Real-world impact is constrained by the requirement to possess a valid web filter override token and to achieve user interaction.

Fortinet Code Injection Fortios Fortipam Fortiproxy
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-59837 MEDIUM This Month

Stack-based buffer overflow in Fortinet FortiOS, FortiPAM, FortiProxy, and FortiSASE enables arbitrary code execution for a privileged authenticated attacker capable of bypassing ASLR and stack canary protections via crafted HTTP requests. The CVSS temporal metric E:P confirms proof-of-concept exploit code exists, and RL:O confirms an official patch has been released by Fortinet (advisory FG-IR-26-148). This vulnerability is not listed in CISA KEV at time of analysis, and the dual prerequisites of privileged access plus memory-protection bypass substantially constrain real-world exploitability despite the critical CIA impact triad.

Fortinet Buffer Overflow Stack Overflow RCE Fortipam +3
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2025-67862 MEDIUM This Month

Fortinet FortiOS and FortiProxy expose an internal debug interface (CWE-1244) that allows authenticated administrators to execute arbitrary Lua scripts through crafted CLI commands, exceeding their intended administrative scope. The vulnerability spans broad version ranges of both products, including FortiOS 6.4 through 7.6.2 and FortiProxy 7.0 through 7.6.3. While exploitation requires existing high-privilege (admin) access - limiting opportunistic attack surface - the CVSS temporal vector (E:P) confirms a proof-of-concept exploit exists, and the official fix is available (RL:O). No public exploit identified at time of analysis beyond the proof-of-concept, and this vulnerability is not listed in CISA KEV.

Fortinet Information Disclosure Fortios Fortiproxy
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-22153 HIGH This Week

Fortios versions up to 7.6.4 contains a vulnerability that allows attackers to an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1).

Fortinet Fortigate LDAP Authentication Bypass Fortios
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-68686 MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. [CVSS 5.9 MEDIUM]

Fortinet Fortigate Fortios
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54821 MEDIUM This Month

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS. Rated low severity (CVSS 1.9). No vendor patch available.

Fortinet Privilege Escalation Fortiproxy Fortipam Fortios
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-58903 LOW Monitor

Authenticated denial-of-service in Fortinet FortiOS allows a high-privileged user to crash the HTTP daemon via a specially crafted API request. The root cause is an unchecked return value (CWE-252) that triggers a null pointer dereference in the HTTP daemon, resulting in a temporary service disruption. EPSS exploitation probability is 0.06% (20th percentile), no KEV listing, and no public exploit identified at time of analysis, placing this as low operational priority despite network-reachable attack vector.

Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-57740 HIGH This Week

Authenticated remote code execution in Fortinet FortiOS, FortiProxy, and FortiPAM enables low-privileged users to trigger a heap-based buffer overflow through crafted RDP bookmark connection requests. The flaw affects multiple major release trains across all three product families, including FortiOS 7.6.2 and earlier, 7.4.7 and earlier, 7.2.10 and earlier, and all 6.4/7.0 versions. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Fortinet Heap Overflow Buffer Overflow Fortiproxy Fortipam +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47890 MEDIUM This Month

Open redirect vulnerability in Fortinet FortiOS, FortiProxy, and FortiSASE enables unauthenticated attackers on an adjacent network segment to redirect authenticated users to attacker-controlled sites via crafted HTTP requests. The attack surface is substantially constrained by the adjacent-network-only vector (AV:A), high attack complexity (AC:H), and mandatory user interaction (UI:R), yielding a CVSS 2.6 Low severity score. No public exploit identified at time of analysis, and EPSS at 0.01% (1st percentile) confirms negligible observed exploitation pressure. A Siemens PSIRT advisory (SSA-864900) indicates this vulnerability also affects Siemens products embedding Fortinet components.

Fortinet Open Redirect Fortios Fortiproxy Fortisase
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-31366 MEDIUM This Month

Reflected cross-site scripting (XSS) in FortiOS, FortiProxy, and FortiSASE allows unauthenticated remote attackers to inject and execute malicious scripts in a victim's browser by tricking them into clicking a crafted HTTP request link. The vulnerability spans a wide range of FortiOS versions from 6.4 through 7.6.3 and all FortiProxy 7.x branches, meaning a large installed base of Fortinet network security appliances is affected. A Siemens CERT advisory (SSA-864900) indicates this vulnerability also affects Siemens products that embed Fortinet components, broadening organizational impact. No public exploit or CISA KEV listing has been identified at time of analysis.

Fortinet XSS Fortios Fortiproxy Fortisase
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-25253 HIGH This Week

Man-in-the-middle interception is possible against the ZTNA proxy in FortiProxy 7.6.1 and earlier, 7.4.8 and earlier, and all 7.2/7.0 versions, as well as FortiOS 7.6.2 and earlier, 7.4.8 and earlier, and all 7.2/7.0 versions, due to improper certificate-host validation (CWE-297). An adjacent network attacker in a privileged path-position can intercept and tamper with ZTNA proxy connections, undermining a control specifically deployed to enforce zero-trust authentication. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-45584 MEDIUM This Month

A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Fortinet Information Disclosure Fortios Fortipam Fortiproxy
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-52965 HIGH This Week

A security vulnerability in Fortinet FortiOS (CVSS 7.2). High severity vulnerability requiring prompt remediation.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-25250 MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.

Information Disclosure Fortinet Fortisase Fortios
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22254 MEDIUM This Month

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module.

Node.js Privilege Escalation Fortinet Fortiweb Fortios +1
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-50568 MEDIUM This Month

A security vulnerability in Fortinet FortiOS (CVSS 5.9) that allows an unauthenticated attacker with the knowledge of device specific data. Remediation should follow standard vulnerability management procedures.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-47295 LOW Monitor

A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Fortinet Fortios
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-47294 MEDIUM This Month

A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Fortinet Fortios
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-22252 CRITICAL CERT-EU This Week

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortiswitchmanager Fortios
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-50565 LOW Monitor

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiweb Fortivoice Fortiproxy +3
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2024-26013 HIGH This Week

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer Fortimanager Fortios +3
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-37930 HIGH This Week

Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in Fortinet allows a VPN user to corrupt memory potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Fortinet Fortios Fortiproxy
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25610 CRITICAL Act Now

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

RCE Fortinet Fortiweb Fortiswitchmanager Fortiswitch +5
NVD
CVSS 3.1
9.8
EPSS
16.0%
CVE-2019-16151 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2020-29010 MEDIUM This Month

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2019-6697 MEDIUM This Month

An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2019-15706 MEDIUM This Month

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below,. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2024-26006 HIGH This Week

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Fortinet Fortios Fortiproxy
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-24472 HIGH KEV THREAT Act Now

FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/downstream device serial numbers to gain super-admin privileges on downstream devices.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD VulDB
CVSS 3.1
8.1
EPSS
10.1%
CVE-2024-40591 HIGH This Week

An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Fortios
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-35279 HIGH This Week

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow Fortinet Fortios
NVD
CVSS 3.1
8.1
EPSS
3.6%
CVE-2023-40721 MEDIUM This Month

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Fortinet Fortios Fortiswitchmanager Fortiproxy +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2022-23439 MEDIUM This Month

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiadc Fortiauthenticator Fortiddos +11
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-55591 CRITICAL POC KEV EUVD KEV THREAT CERT-EU Emergency

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote attackers to gain super-admin privileges through crafted requests.

Node.js Authentication Bypass Fortinet Fortiproxy Fortios
NVD GitHub
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2024-54021 MEDIUM This Month

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-48886 CRITICAL This Week

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fortinet Fortianalyzer Fortianalyzer Cloud Fortimanager +3
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-48884 CRITICAL Emergency

Arbitrary file write and folder deletion in Fortinet FortiManager, FortiOS, and FortiProxy is possible via a path traversal flaw in the security fabric interface, where a remote authenticated attacker can write arbitrary files and, more severely, a remote unauthenticated attacker can delete arbitrary folders. The flaw carries a CVSS 9.1 (I:H/A:H) and an unusually high EPSS of 39.29% (97th percentile), signaling elevated near-term exploitation likelihood, though no public exploit is identified and it is not yet in CISA KEV. Affected products span multiple FortiOS 6.4-7.6, FortiManager 7.4-7.6, FortiProxy 1.0-7.4, and FortiManager Cloud branches.

Fortinet Path Traversal Fortimanager Fortimanager Cloud Fortiproxy +4
NVD
CVSS 3.1
9.1
EPSS
39.3%
CVE-2024-46670 HIGH This Month

An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Fortinet Fortios
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-46669 LOW Monitor

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Fortinet Fortios
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-46668 HIGH This Month

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-46666 MEDIUM This Month

An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-46665 LOW Monitor

An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-36504 MEDIUM This Month

An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Fortinet Fortios
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-46715 MEDIUM This Month

An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2023-42786 MEDIUM This Month

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-42785 MEDIUM This Month

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-33510 MEDIUM This Month

An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-26011 CRITICAL Act Now

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios Fortipam Fortiproxy +3
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36505 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26015 MEDIUM This Month

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-26010 HIGH This Week

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow Fortios Fortipam +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23111 MEDIUM This Month

An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet XSS Fortiproxy Fortios
NVD
CVSS 3.1
4.8
EPSS
1.0%
CVE-2024-23110 HIGH This Week

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow Fortios
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21754 MEDIUM This Month

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
4.4
EPSS
3.5%
CVE-2024-26007 HIGH This Week

An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-45583 HIGH This Week

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortiswitchmanager Fortios +1
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2023-36640 MEDIUM This Month

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortipam Fortios
NVD VulDB
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23662 HIGH This Week

An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-23112 MEDIUM This Month

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-42790 HIGH This Week

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Buffer Overflow Stack Overflow Fortiproxy Fortios
NVD VulDB
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-42789 CRITICAL Act Now

A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Buffer Overflow Memory Corruption Fortiproxy Fortios
NVD VulDB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-23113 CRITICAL KEV THREAT Act Now

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortiswitchmanager Fortios +1
NVD
CVSS 3.1
9.8
EPSS
61.7%
CVE-2024-21762 CRITICAL POC KEV THREAT Act Now

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Fortinet Memory Corruption Fortiproxy Fortios
NVD
CVSS 3.1
9.8
EPSS
83.4%
CVE-2023-44250 HIGH This Week

An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Privilege Escalation Fortiproxy Fortios
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-47536 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortios
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-41678 HIGH This Week

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios Fortipam
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-36639 HIGH This Week

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortios Fortipam
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-36641 MEDIUM This Month

A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-28002 MEDIUM This Month

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortios
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-41841 HIGH This Week

An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-41675 MEDIUM This Month

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Fortinet Denial Of Service Memory Corruption Fortiproxy +1
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-37935 HIGH This Week

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-36555 MEDIUM This Month

An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet XSS Fortios
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-33301 MEDIUM This Month

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-29183 MEDIUM This Month

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet RCE XSS Fortiproxy Fortios
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-29182 MEDIUM This Month

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet RCE Fortios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-33308 CRITICAL Act Now

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet RCE Fortiproxy +1
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-28001 CRITICAL Act Now

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-33307 MEDIUM This Month

A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortinet Null Pointer Dereference Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33306 MEDIUM This Month

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortinet Null Pointer Dereference Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-33305 MEDIUM This Month

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortiproxy Fortiweb Fortios
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-29178 MEDIUM This Month

A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Fortinet Denial Of Service Fortiproxy Fortios
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-29175 MEDIUM This Month

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-27997 CRITICAL KEV EUVD KEV THREAT Act Now

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Fortinet Heap Overflow Fortiproxy +1
NVD
CVSS 3.1
9.8
EPSS
85.7%
CVE-2023-26207 MEDIUM This Month

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.5%
EPSS 0% CVSS 4.3
MEDIUM This Month

Buffer over-read in Fortinet FortiOS and FortiProxy exposes sensitive memory contents to authenticated network attackers across multiple product lines including FortiPAM and FortiSwitchManager. The flaw, rooted in CWE-126 (buffer over-read), allows low-privileged remote users to read beyond allocated buffer boundaries, resulting in partial information disclosure with no integrity or availability impact. No active exploitation confirmed in CISA KEV, but the CVSS temporal vector includes E:P indicating proof-of-concept exploit code exists, and an official fix is available per RL:O.

Fortinet Buffer Overflow Information Disclosure +4
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

FortiOS across the 7.2, 7.4, and 7.6 release trains leaks portions of device runtime memory to authenticated remote attackers via a buffer over-read in redirect response handling. Exploitation requires valid credentials but no elevated privileges, and proof-of-concept code exists (CVSS temporal E:P). An official vendor fix is confirmed available (RL:O), though unpatched instances of FortiOS 7.2.x, 7.4.0-7.4.8, and 7.6.0-7.6.2 remain at risk of sensitive memory disclosure - a consequential exposure given that FortiOS processes session tokens, credentials, and cryptographic material at runtime.

Fortinet Buffer Overflow Fortios
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected or stored cross-site scripting in Fortinet FortiOS, FortiPAM, and FortiProxy web interfaces allows a remote unauthenticated attacker to execute JavaScript in the browser session of an authenticated administrator via crafted HTTP requests. The CVSS temporal metric E:P confirms publicly available proof-of-concept exploit code exists, and the RL:O metric confirms Fortinet has released an official fix. No active exploitation has been confirmed by CISA KEV at time of analysis, but the combination of a POC and the high-value targets (network security appliances and privileged access management systems) elevates real-world risk beyond what the base CVSS score of 6.1 suggests.

Fortinet XSS Fortios +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Path traversal (CWE-22) in Fortinet FortiOS, FortiProxy, and FortiPAM enables a highly-privileged, physically-present attacker to execute unauthorized code or commands by escaping restricted directory boundaries. The vendor-supplied CVSS vector (AV:P/PR:H) constrains exploitation to scenarios requiring both physical device access and high-level credentials, making opportunistic or remote mass exploitation implausible. A proof-of-concept exists per the CVSS temporal indicator (E:P), and Fortinet has released an official fix per PSIRT advisory FG-IR-26-151; this vulnerability is not currently listed in the CISA KEV catalog.

Fortinet Path Traversal Fortiproxy +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HTTP Response Splitting in Fortinet FortiOS and FortiProxy captive portal authentication flows enables a man-in-the-middle attacker to inject arbitrary HTTP headers into intercepted authentication requests. Affected platforms span FortiOS 7.2-7.6.4 and FortiProxy 7.2-7.6.4. The CVSS temporal vector includes E:P, confirming proof-of-concept exploit code exists; however, no active exploitation has been confirmed via CISA KEV. The RL:O temporal indicator confirms an official remediation is available per vendor advisory FG-IR-26-153.

Fortinet Code Injection Fortipam +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HTTP Response Splitting in Fortinet FortiOS and FortiProxy enables an attacker who holds a valid web filter override token to inject arbitrary HTTP headers into server responses by tricking a user into clicking a crafted link. Affected versions span FortiOS 7.2 through 7.6.4 and FortiProxy 7.2 through 7.6.4. No active exploitation has been confirmed by CISA KEV, though the CVSS temporal vector includes E:P, indicating partial proof-of-concept evidence exists. Real-world impact is constrained by the requirement to possess a valid web filter override token and to achieve user interaction.

Fortinet Code Injection Fortios +2
NVD
EPSS 1% CVSS 6.6
MEDIUM This Month

Stack-based buffer overflow in Fortinet FortiOS, FortiPAM, FortiProxy, and FortiSASE enables arbitrary code execution for a privileged authenticated attacker capable of bypassing ASLR and stack canary protections via crafted HTTP requests. The CVSS temporal metric E:P confirms proof-of-concept exploit code exists, and RL:O confirms an official patch has been released by Fortinet (advisory FG-IR-26-148). This vulnerability is not listed in CISA KEV at time of analysis, and the dual prerequisites of privileged access plus memory-protection bypass substantially constrain real-world exploitability despite the critical CIA impact triad.

Fortinet Buffer Overflow Stack Overflow +5
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Fortinet FortiOS and FortiProxy expose an internal debug interface (CWE-1244) that allows authenticated administrators to execute arbitrary Lua scripts through crafted CLI commands, exceeding their intended administrative scope. The vulnerability spans broad version ranges of both products, including FortiOS 6.4 through 7.6.2 and FortiProxy 7.0 through 7.6.3. While exploitation requires existing high-privilege (admin) access - limiting opportunistic attack surface - the CVSS temporal vector (E:P) confirms a proof-of-concept exploit exists, and the official fix is available (RL:O). No public exploit identified at time of analysis beyond the proof-of-concept, and this vulnerability is not listed in CISA KEV.

Fortinet Information Disclosure Fortios +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Fortios versions up to 7.6.4 contains a vulnerability that allows attackers to an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1).

Fortinet Fortigate LDAP +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. [CVSS 5.9 MEDIUM]

Fortinet Fortigate Fortios
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS. Rated low severity (CVSS 1.9). No vendor patch available.

Fortinet Privilege Escalation Fortiproxy +2
NVD VulDB
EPSS 0% CVSS 2.7
LOW Monitor

Authenticated denial-of-service in Fortinet FortiOS allows a high-privileged user to crash the HTTP daemon via a specially crafted API request. The root cause is an unchecked return value (CWE-252) that triggers a null pointer dereference in the HTTP daemon, resulting in a temporary service disruption. EPSS exploitation probability is 0.06% (20th percentile), no KEV listing, and no public exploit identified at time of analysis, placing this as low operational priority despite network-reachable attack vector.

Fortinet Denial Of Service Fortios
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Authenticated remote code execution in Fortinet FortiOS, FortiProxy, and FortiPAM enables low-privileged users to trigger a heap-based buffer overflow through crafted RDP bookmark connection requests. The flaw affects multiple major release trains across all three product families, including FortiOS 7.6.2 and earlier, 7.4.7 and earlier, 7.2.10 and earlier, and all 6.4/7.0 versions. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Fortinet Heap Overflow Buffer Overflow +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Open redirect vulnerability in Fortinet FortiOS, FortiProxy, and FortiSASE enables unauthenticated attackers on an adjacent network segment to redirect authenticated users to attacker-controlled sites via crafted HTTP requests. The attack surface is substantially constrained by the adjacent-network-only vector (AV:A), high attack complexity (AC:H), and mandatory user interaction (UI:R), yielding a CVSS 2.6 Low severity score. No public exploit identified at time of analysis, and EPSS at 0.01% (1st percentile) confirms negligible observed exploitation pressure. A Siemens PSIRT advisory (SSA-864900) indicates this vulnerability also affects Siemens products embedding Fortinet components.

Fortinet Open Redirect Fortios +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting (XSS) in FortiOS, FortiProxy, and FortiSASE allows unauthenticated remote attackers to inject and execute malicious scripts in a victim's browser by tricking them into clicking a crafted HTTP request link. The vulnerability spans a wide range of FortiOS versions from 6.4 through 7.6.3 and all FortiProxy 7.x branches, meaning a large installed base of Fortinet network security appliances is affected. A Siemens CERT advisory (SSA-864900) indicates this vulnerability also affects Siemens products that embed Fortinet components, broadening organizational impact. No public exploit or CISA KEV listing has been identified at time of analysis.

Fortinet XSS Fortios +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Man-in-the-middle interception is possible against the ZTNA proxy in FortiProxy 7.6.1 and earlier, 7.4.8 and earlier, and all 7.2/7.0 versions, as well as FortiOS 7.6.2 and earlier, 7.4.8 and earlier, and all 7.2/7.0 versions, due to improper certificate-host validation (CWE-297). An adjacent network attacker in a privileged path-position can intercept and tamper with ZTNA proxy connections, undermining a control specifically deployed to enforce zero-trust authentication. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Fortinet Information Disclosure Fortiproxy +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Fortinet Information Disclosure Fortios +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A security vulnerability in Fortinet FortiOS (CVSS 7.2). High severity vulnerability requiring prompt remediation.

Fortinet Information Disclosure Fortiproxy +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.

Information Disclosure Fortinet Fortisase +1
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module.

Node.js Privilege Escalation Fortinet +3
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A security vulnerability in Fortinet FortiOS (CVSS 5.9) that allows an unauthenticated attacker with the knowledge of device specific data. Remediation should follow standard vulnerability management procedures.

Fortinet Information Disclosure Fortiproxy +1
NVD
EPSS 0% CVSS 3.7
LOW Monitor

A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Fortinet Fortios
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Fortinet +1
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +2
NVD
EPSS 0% CVSS 3.1
LOW Monitor

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiweb +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in Fortinet allows a VPN user to corrupt memory potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Fortinet Fortios +1
NVD
EPSS 16% CVSS 9.8
CRITICAL Act Now

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

RCE Fortinet Fortiweb +7
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below,. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortiproxy +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Fortinet Fortios +1
NVD
EPSS 10% CVSS 8.1
HIGH KEV THREAT Act Now

FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/downstream device serial numbers to gain super-admin privileges on downstream devices.

Authentication Bypass Fortinet Fortiproxy +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Fortios
NVD
EPSS 4% CVSS 8.1
HIGH This Week

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Fortinet Fortios +3
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiadc +13
NVD
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV EUVD KEV THREAT Emergency

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote attackers to gain super-admin privileges through crafted requests.

Node.js Authentication Bypass Fortinet +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +1
NVD
EPSS 0% CVSS 9.0
CRITICAL This Week

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fortinet Fortianalyzer +5
NVD
EPSS 39% CVSS 9.1
CRITICAL Emergency

Arbitrary file write and folder deletion in Fortinet FortiManager, FortiOS, and FortiProxy is possible via a path traversal flaw in the security fabric interface, where a remote authenticated attacker can write arbitrary files and, more severely, a remote unauthenticated attacker can delete arbitrary folders. The flaw carries a CVSS 9.1 (I:H/A:H) and an unusually high EPSS of 39.29% (97th percentile), signaling elevated near-term exploitation likelihood, though no public exploit is identified and it is not yet in CISA KEV. Affected products span multiple FortiOS 6.4-7.6, FortiManager 7.4-7.6, FortiProxy 1.0-7.4, and FortiManager Cloud branches.

Fortinet Path Traversal Fortimanager +6
NVD
EPSS 2% CVSS 7.5
HIGH This Month

An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 0% CVSS 3.5
LOW Monitor

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Fortinet +1
NVD
EPSS 2% CVSS 7.5
HIGH This Month

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
EPSS 0% CVSS 3.7
LOW Monitor

An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Fortinet Denial Of Service +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Fortinet Denial Of Service +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Fortinet Fortiproxy +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow +4
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet XSS Fortiproxy +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow +1
NVD
EPSS 3% CVSS 4.4
MEDIUM This Month

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiproxy +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +3
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +2
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Buffer Overflow Stack Overflow +2
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL Act Now

A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Buffer Overflow Memory Corruption +2
NVD VulDB
EPSS 62% CVSS 9.8
CRITICAL KEV THREAT Act Now

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +3
NVD
EPSS 83% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Fortinet Memory Corruption +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Privilege Escalation Fortiproxy +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortiproxy +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Fortinet Denial Of Service +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet XSS Fortios
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet RCE XSS +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortinet Null Pointer Dereference +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortinet Null Pointer Dereference +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortiproxy +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Fortinet Denial Of Service +2
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortiproxy +1
NVD
EPSS 86% CVSS 9.8
CRITICAL KEV EUVD KEV THREAT Act Now

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Fortinet +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiproxy +1
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy