FortiOS 7.0.x < 7.0.13 / 7.2.x < 7.2.6 / 7.4.x < 7.4.2 Remote Code Execution
FortiOS version 6.0.x prior to 6.0.16 or 6.2.x prior to 6.2.15 or 6.4.x prior to 6.4.14 or 7.0.x prior to 7.0.13 or 7.2.x prior to 7.2.6 or 7.4.x prior to 7.4.2 and FortiProxy version 7.0.x prior to 7.0.14 or 7.2.x prior to 7.2.8 or 7.4.x prior to 7.4.2 are affected by a vulnerability allowing...
Fortinet FortiOS and FortiProxy Remote Code Execution (CVE-2024-21762)
Binary data fortiosandfortiproxyCVE-2024-21762.nbin...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager and FortiWeb. The vulnerabilities include an OS Command Injection that allows local attackers to execute unauthorized code by manipulating CLI command...
PT-2025-23071 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.0.0 through 7.0.14; Fortinet FortiOS versions 7.2.0 through 7.2.7; Fortinet FortiOS versions 7.4.0 through 7.4.3. Description: A buffer over-read in Fortinet FortiOS may allow a remote unauthenticated attacker to cras...
Fortinet Fortigate Buffer over-read in FGFM (FG-IR-24-381)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-381 advisory. - A buffer over-read vulnerability (CWE-126) in FortiOS may allow a remote unauthenticated attacker to crash the FGFM daemon vi...
PT-2025-21131 · Fortinet · Fortiproxy +2
Name of the Vulnerable Software and Affected Versions: Fortinet FortiProxy versions 7.6.0 through 7.6.1; FortiSwitchManager version 7.2.5; FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0. Description: A missing authentication for critical functions in Fortinet products may allow an attacker...
PT-2025-23070 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.2.0 through 7.2.7; Fortinet FortiOS versions 7.0.0 through 7.0.14. Description: The issue is related to an integer overflow or wraparound that may allow a remote unauthenticated attacker to crash the csfd daemon via ...
FortiOS 7.0.x < 7.0.16 Authentication Bypass
FortiOS version 7.0.x prior to 7.0.16 and FortiProxy version 7.0.x prior to 7.0.19 or 7.2.x prior to 7.2.12 are affected by a vulnerability that allows a remote attacker to gain super-admin privileges via specifically crafted requests.
PT-2025-18987 · Undefined · Undefined
A vulnerability in Fortinet FortiOS operating systems is related to flaws in the authentication mechanism. Exploitation of the vulnerability may allow a remote attacker to disclose device configuration data and bypass existing security mechanisms...
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
CVE-2024-55591: FortiOS Authentication Bypass If you’re r...
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities
Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475 within FortiGate products. This malicious file could enable read-only access to files on the device's file system, which may include...
CVE-2024-32122
Storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, and FortiOS 6.4 all versions allows an attacker to cause information disclosure via modification of the LDAP server IP to point to a malicious server...
CVE-2024-50565
An improper restriction of communication channel to intended endpoints vulnerability (CWE-923) in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through...
CVE-2024-26013
An improper restriction of communication channel to intended endpoints vulnerability (CWE-923) in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and...