
2767 matches found

Vulnrichment
added 2025/07/08 2:41 p.m. · 3 views

CVE-2024-55599

An Improperly Implemented Security Check for Standard vulnerability CWE-358 in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated...

CVSS 5.3 · AI score 7 · EPSS 0.00158
Exploits: 0 · References: 1

CNNVD
added 2025/07/08 12:0 a.m. · 1 view

Fortinet FortiOS and Fortinet FortiProxy Security Vulnerability

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...

CVSS 7.2 · AI score 6.6 · EPSS 0.00134
Exploits: 0 · References: 2

Tenable Nessus
added 2025/07/08 12:0 a.m. · 14 views

Fortinet Fortigate PKI via API: Authentication granted with an invalid certificate (FG-IR-24-511)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-511 advisory. - A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0...

CVSS 7.2 · AI score 5.7 · EPSS 0.00134
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/08 12:0 a.m. · 2 views

PT-2025-28464 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.8 FortiOS version 7.6.0 FortiOS versions 7.0 and earlier FortiOS versions 6.4 and earlier FortiProxy versions prior to 7.4.9 FortiProxy versions 7.2 and earlier FortiProxy versions 7.0 and earlier FortiProxy...

CVSS 5.3 · AI score 6.4 · EPSS 0.00158
Exploits: 0 · References: 8

CNNVD
added 2025/07/08 12:0 a.m. · 1 view

Fortinet FortiOS and Fortinet FortiProxy Security Feature Issue Vulnerability

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...

CVSS 5.3 · AI score 6.6 · EPSS 0.00158
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/08 12:0 a.m. · 4 views

PT-2025-28644

Name of the Vulnerable Software and Affected Versions: FortiOS affected versions not specified Description: A heap-based buffer overflow vulnerability exists in the cw stad daemon. This vulnerability, classified under CWE-122, could allow an authenticated attacker to execute arbitrary code or...

CVSS 6.7 · AI score 6.3 · EPSS 0.00032
Exploits: 0 · References: 14

Positive Technologies
added 2025/07/08 12:0 a.m. · 4 views

PT-2025-28463 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.0.0 through 7.0.15 Fortinet FortiOS versions 7.2.0 through 7.2.10 Fortinet FortiOS versions 7.4.0 through 7.4.5 Fortinet FortiOS versions 7.6.0 through 7.6.1 FortiProxy versions 7.0.0 through 7.0.19 FortiProxy...

CVSS 9 · AI score 6.6 · EPSS 0.00134
Exploits: 0 · References: 8

GithubExploit
added 2025/07/02 7:33 a.m. · 141 views

Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

CVE-2024-23113 FortiOS Test Environment A Docker-based test e...

CVSS 9.8 · AI score 10 · EPSS 0.5438
Exploits: 8

VulnCheck KEV
added 2025/06/29 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2022-41335

A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read...

CVSS 8.8 · AI score 5.8 · EPSS 0.00302
In wild · Exploits: 0 · References: 2

The Hacker News
added 2025/06/26 6:2 a.m. · 12 views

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of vulnerabilitie...

CVSS 10 · AI score 6.8 · EPSS 0.75239
Exploits: 2

CISA
added 2025/06/25 12:0 p.m. · 5 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability CVE-2024-0769 D-Link DIR-859 Router Path Traversal...

CVSS 10 · AI score 7.5 · EPSS 0.75239
In wild · Exploits: 2 · References: 8

CISA KEV Catalog
added 2025/06/25 12:0 a.m. · 22 views

Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability

Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key...

CVSS 6.5 · AI score 7 · EPSS 0.72223
In wild · Exploits: 1

GithubExploit
added 2025/06/20 10:56 a.m. · 593 views

Exploit for Insufficient Session Expiration in Fortinet Fortisase

Fortinet SSL-VPN Session Reuse Vulnerability CVE-2024-50562...

CVSS 4.8 · AI score 6.4 · EPSS 0.00758
Exploits: 3

Exploit DB
added 2025/06/20 12:0 a.m. · 317 views

FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse

!/usr/bin/env python3 """ Exploit Title: FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse Date: 2025-06-15 Exploit Author: Shahid Parvez Hakim BugB Technologies Vendor Homepage: https://www.fortinet.com Software Link: https://www.fortinet.com/products/secure-sd-wan/fortigate...

CVSS 4.8 · AI score 7.4 · EPSS 0.00758
Exploits: 3

Hacker One
added 2025/06/17 11:40 p.m. · 6 views

U.S. Dept Of Defense: Reflected XSS via user parameter on getconfig.esp endpoint

The getconfig.esp endpoint was found to reflect unsanitized user input provided in the user parameter directly into the HTML response, resulting in a Reflected Cross-Site Scripting XSS vulnerability. The affected product was Fortinet SSL VPN FortiOS version 3.0.1-10...

CVSS 6.9 · AI score 5.9 · EPSS 0.02005
Exploits: 7

RedhatCVE
added 2025/06/12 5:6 p.m. · 4 views

CVE-2025-25250

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL...

CVSS 4.3 · AI score 4.5 · EPSS 0.0022
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/12 5:6 p.m. · 2 views

CVE-2023-29184

An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests...

CVSS 3.2 · AI score 3.9 · EPSS 0.00092
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/12 5:6 p.m. · 3 views

CVE-2025-24471

An Improper Certificate Validation vulnerability CWE-295 in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate...

CVSS 6.5 · AI score 6.5 · EPSS 0.0011
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/12 5:5 p.m. · 6 views

CVE-2024-50562

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session...

CVSS 4.8 · AI score 5 · EPSS 0.00758
Exploits: 3 · References: 1

RedhatCVE
added 2025/06/12 5:5 p.m. · 4 views

CVE-2025-22254

An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7,...

CVSS 7.2 · AI score 6.8 · EPSS 0.00223
Exploits: 0 · References: 1