CVE-2024-48886

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1...

CVE-2024-48886

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1...

CVE-2023-37936

Fortinet FortiSwitch is affected by CVE-2023-37936 due to use of a hard-coded cryptographic key. Versions affected include 7.4.0 and 7.2.0 through 7.2.5, 7.0.0 through 7.0.7, 6.4.0 through 6.4.13, 6.2.0 through 6.2.7, and 6.0.0 through 6.0.7. The underlying issue enables an attacker to execute un...

CVE-2023-37937

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code o...

CVE-2023-37937

The CVE-2023-37937 issue is an os command injection in Fortinet FortiSwitch CLI caused by improper neutralization of special elements. Affected FortiSwitch versions are 6.0.0–6.0.7, 6.2.0–6.2.7, 6.4.0–6.4.13, 7.0.0–7.0.7, 7.2.0–7.2.5, and 7.4.0. Remediation guidance (per PT-2025-1190) is to updat...

CVE-2024-56497

Fortinet FortiMail and FortiRecorder are affected by an OS command injection due to improper neutralization of special elements in CLI handling. Affected: FortiMail 6.4.0–6.4.7, 7.0.0–7.0.6, 7.2.0–7.2.4; FortiRecorder 6.4.0–6.4.4 and 7.0.0. Root cause: insufficient sanitization allows execution o...

CVE-2024-56497

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or...

CVE-2024-35276

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1...

CVE-2024-35276

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1...

CVE-2024-35276

CVE-2024-35276 is a stack-based buffer overflow affecting Fortinet FortiAnalyzer and FortiManager products across multiple versions (FortiAnalyzer/Cloud, FortiManager/Cloud; 6.4.x to 7.4.x with various sub-versions). The root cause is a stack-based overflow that allows an attacker to execute arbi...

CVE-2024-36512

An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS...

CVE-2024-36512

An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS...

CVE-2024-36512

Fortinet FortiManager and FortiAnalyzer are affected by CVE-2024-36512 due to an improper restriction of a pathname to a restricted directory (path traversal). Affected versions include FortiManager/FortiAnalyzer 6.2.10–6.2.13, 7.0.2–7.0.12, 7.2.0–7.2.5, and 7.4.0–7.4.3. The root cause is imprope...

CVE-2024-50566

CVE-2024-50566 affects Fortinet FortiManager and FortiManager Cloud: FortiManager Cloud 7.6.0–7.6.1, 7.4.0–7.4.4, 7.2.2–7.2.7; FortiManager 7.6.0–7.6.1, 7.4.0–7.4.5, 7.2.1–7.2.8 (and corresponding Cloud variants). Root cause: improper neutralization of special elements used in OS commands (OS com...

CVE-2024-12083

The CVE-2024-12083 issue affects Omron NJ/NX-series Machine Automation Controllers. A path traversal vulnerability (CWE-22) exists in the NJ/NX product line, allowing a remote attacker (with administrative privileges) to access arbitrary files and potentially execute arbitrary code on the control...

Fortinet FortiManager和FortiAnalyzer 路径遍历漏洞

Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains AD...

Fortinet FortiSwitch 安全漏洞

Fortinet FortiSwitch is a network switch management tool from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSwitch that stems from the use of hard-coded encryption keys that allow an attacker to execute unauthorized code or commands via a crafted request...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...

Fortinet FortiVoice 操作系统命令注入漏洞

Fortinet FortiVoice is a network communications solution from Fortinet, Inc. Fortinet FortiVoice suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploited by an attacke...

Fortinet Fortigate Weak Authentication in csfd daemon (FG-IR-24-221)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-221 advisory. - A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through...