Skip to main content

Fortiswitchmanager

10 CVEs product

Monthly

CVE-2026-59840 MEDIUM This Month

Buffer over-read in Fortinet FortiOS and FortiProxy exposes sensitive memory contents to authenticated network attackers across multiple product lines including FortiPAM and FortiSwitchManager. The flaw, rooted in CWE-126 (buffer over-read), allows low-privileged remote users to read beyond allocated buffer boundaries, resulting in partial information disclosure with no integrity or availability impact. No active exploitation confirmed in CISA KEV, but the CVSS temporal vector includes E:P indicating proof-of-concept exploit code exists, and an official fix is available per RL:O.

Fortinet Buffer Overflow Information Disclosure Fortios Fortipam +2
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22252 CRITICAL CERT-EU This Week

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortiswitchmanager Fortios
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-25610 CRITICAL Act Now

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

RCE Fortinet Fortiweb Fortiswitchmanager Fortiswitch +5
NVD
CVSS 3.1
9.8
EPSS
16.0%
CVE-2023-40721 MEDIUM This Month

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Fortinet Fortios Fortiswitchmanager Fortiproxy +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-26011 CRITICAL Act Now

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios Fortipam Fortiproxy +3
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-26010 HIGH This Week

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow Fortios Fortipam +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-45583 HIGH This Week

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortiswitchmanager Fortios +1
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-23113 CRITICAL KEV THREAT Act Now

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortiswitchmanager Fortios +1
NVD
CVSS 3.1
9.8
EPSS
61.7%
CVE-2023-36635 MEDIUM This Month

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiswitchmanager
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-40684 CRITICAL POC KEV THREAT Emergency

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortiswitchmanager Fortios
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
EPSS 0% CVSS 4.3
MEDIUM This Month

Buffer over-read in Fortinet FortiOS and FortiProxy exposes sensitive memory contents to authenticated network attackers across multiple product lines including FortiPAM and FortiSwitchManager. The flaw, rooted in CWE-126 (buffer over-read), allows low-privileged remote users to read beyond allocated buffer boundaries, resulting in partial information disclosure with no integrity or availability impact. No active exploitation confirmed in CISA KEV, but the CVSS temporal vector includes E:P indicating proof-of-concept exploit code exists, and an official fix is available per RL:O.

Fortinet Buffer Overflow Information Disclosure +4
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +2
NVD
EPSS 16% CVSS 9.8
CRITICAL Act Now

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

RCE Fortinet Fortiweb +7
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Fortinet Fortios +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Fortinet Stack Overflow +4
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +3
NVD VulDB
EPSS 62% CVSS 9.8
CRITICAL KEV THREAT Act Now

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiswitchmanager
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Authentication Bypass Fortiproxy +2
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy