2767 matches found
CVE-2023-42786
Fortinet FortiOS contains a null pointer dereference in its handling of HTTP requests that can trigger a denial-of-service. Affected are FortiOS releases 7.4.0–7.4.1, 7.2.0–7.2.5, and all 7.0, 6.4, 6.2, and 6.0 series versions (including FortiProxy/FortiOS HA clusters per related advisories). The...
CVE-2023-42786
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions, 6.2 all versions and 6.0 all versions allows an attacker to trigger a denial of service via a crafted HTTP request...
CVE-2023-42785
Fortinet FortiOS contains a null pointer dereference leading to denial of service (DoS) via a crafted HTTP request. Affected products and versions include FortiOS 7.4.0–7.4.1, 7.2.0–7.2.5, and all 7.0, 6.4, 6.2, and 6.0 branches. The underlying issue is a null pointer dereference in handling craf...
CVE-2023-42785
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions, 6.2 all versions and 6.0 all versions allows an attacker to trigger a denial of service via a crafted HTTP request...
CVE-2024-46670
CVE-2024-46670 describes an Out-of-bounds Read (CWE-125) in FortiOS: affected are FortiOS 7.6.0, 7.4.4 and below, 7.2.9 and below, and FortiSASE FortiOS tenant 24.3.b. An unauthenticated remote attacker could trigger memory consumption that leads to Denial of Service via crafted requests. The con...
CVE-2024-46670
An Out-of-bounds Read vulnerability CWE-125 in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted...
CVE-2024-46669
An Integer Overflow or Wraparound vulnerability CWE-190 in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service...
CVE-2024-46669
CVE-2024-46669 is an Integer Overflow or Wraparound (CWE-190) vulnerability in FortiSASE FortiOS IPsec IKE service, affecting FortiSASE 23.4.b and FortiOS versions 7.4.4 and below and 7.2.10 and below. Multiple sources describe an authenticated attacker able to crash the IPsec tunnel by sending c...
CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...
CVE-2024-55591
CVE-2024-55591 is a critical authentication bypass affecting FortiOS and FortiProxy. Public PoCs describe remote exploitation via WebSocket/Telnet management interfaces to gain super-admin privileges without valid credentials. Affected versions include FortiOS 7.0.0–7.0.16 and FortiProxy 7.0.0–7....
CVE-2024-52963
Fortinet FortiOS contains an out-of-bounds write vulnerability (CVE-2024-52963) affecting FortiOS versions 7.6.0; 7.4.0–7.4.6; 7.2.0–7.2.10; 7.0.0–7.0.16; 6.4.0–6.4.15. An attacker can trigger a denial of service by sending specially crafted packets. The available documents specify affected versi...
CVE-2024-52963
An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows an attacker to trigger a denial of service via specially crafted packets...
CVE-2024-46665
An insertion of sensitive information into sent data vulnerability CWE-201 in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests...
CVE-2024-46665
FortiOS 7.6.0 and 7.4.0–7.4.4 contain a CWE-201 vulnerability described as an insertion of sensitive information into sent data. In a man-in-the-middle (MITM) position, an attacker could intercept accounting requests and retrieve the RADIUS accounting server shared secret. CVSS 3.1 metrics indica...