943 matches found
Fortinet FortiAnalyzer Private key readable by admin (FG-IR-24-133)
The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-133 advisory. - A key management error vulnerability CWE-320 in FortiManager, FortiAnalyzer and FortiPortal may allow an authenticated...
Fortinet FortiAnalyzer Pre-authentication DoS attack in OpenSSH - CVE-2025-26466 (FG-IR-25-122)
The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-122 advisory. - A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a...
fortinet FortiAnalyzer License Issues Vulnerability
FortiAnalyzer is Fortinet's centralized security analysis and reporting platform. A security vulnerability exists in FortiAnalyzer that stems from a flaw in the authentication mechanism for OFTP requests. An attacker can exploit this vulnerability to obtain device operational status information o...
fortinet FortiAnalyzer Competitive Conditions Issue Vulnerability
FortiAnalyzer is Fortinet's centralized security log management and analysis platform. FortiAnalyzer suffers from a competitive condition vulnerability that stems from an improper synchronization mechanism for shared resources. An attacker can exploit this vulnerability to bypass the FortiCloud...
CVE-2025-54973
A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...
CVE-2025-53845
An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...
CVE-2024-50571
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions,...
Fortinet FortiAnalyzer Missing authentication check in OFTP service (FG-IR-25-378)
The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-378 advisory. - An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6...
Fortinet FortiAnalyzer SSO SAML authentication (FG-IR-25-198)
The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-198 advisory. - A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in...
EUVD-2025-34233
An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...
EUVD-2025-34238
A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...
CVE-2025-53845
An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...
CVE-2025-53845
An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...
CVE-2025-54973
A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...
CVE-2024-50571
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions,...
CVE-2025-53845
Fortinet FortiAnalyzer is affected by CVE-2025-53845. Versions 7.6.0–7.6.3 and prior to 7.4.6 are vulnerable to an improper authentication vulnerability (CWE-287) that allows an unauthenticated attacker to obtain device health/status information or cause a denial of service via crafted OFTP reque...
CVE-2025-53845
An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...
CVE-2025-53845
An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...
CVE-2025-54973
A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...
CVE-2025-54973
CVE-2025-54973 describes a race condition (CWE-362) in Fortinet FortiAnalyzer. Multiple FortiAnalyzer releases are affected (versions 7.6.0–7.6.2, 7.4.0–7.4.6, 7.2.0–7.2.10, and before 7.0.13). The issue arises from improper synchronization of a shared resource, enabling an attacker to attempt to...