CVE-2024-33502

An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execu...

CVE-2024-26012

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2....

CVE-2023-37936

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests...

CVE-2023-37936

A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests...

CVE-2024-47572

This CVE affects Fortinet FortiSOAR. The issue is an improper neutralization of formula elements in CSV files, exploitable by manipulating the CSV to cause code/command execution. Affected versions are FortiSOAR 7.2.1 through 7.4.1. Root cause: unsafe handling of CSV content leading to remote cod...

CVE-2024-26012

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2....

CVE-2024-26012

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2....

CVE-2024-26012

CVE-2024-26012: Fortinet FortiAP family devices are affected by an OS command injection vulnerability due to improper neutralization of special elements in commands. A local authenticated attacker could execute unauthorized code via the CLI. Affected products and versions include FortiAP-S: 6.2 (...

CVE-2024-33502

CVE-2024-33502 affects Fortinet FortiManager and FortiAnalyzer. Affected versions include FortiManager/ FortiAnalyzer releases (e.g., 6.x, 7.x series) where a pathname is improperly limited to restricted directories, enabling path traversal. Resulting in potential execution of unauthorized code o...

CVE-2024-33502

An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execu...

CVE-2024-48890

FortiSOAR IMAP connector (versions ≤ 3.5.7) is affected by an OS Command Injection (CWE-78) due to improper neutralization of special elements in commands. An authenticated attacker could execute unauthorized code or commands via a specially crafted playbook. Remediation: upgrade FortiSOAR IMAP c...

CVE-2024-54021

An Improper Neutralization of CRLF Sequences in HTTP Headers 'http response splitting' vulnerability CWE-113 in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers...

CVE-2024-52967

An improper neutralization of script-related html tags in a web page basic xss in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection...

CVE-2024-52967

An improper neutralization of script-related html tags in a web page basic xss in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection...

CVE-2024-48886

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1...

CVE-2024-48886

CVE-2024-48886 concerns Fortinet products (FortiOS, FortiProxy, FortiManager, FortiAnalyzer Cloud, FortiManager Cloud) with a weak authentication flaw that allows an attacker to execute unauthorized code or commands via brute-force. The initial description lists affected versions across FortiOS: ...

CVE-2024-48886

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1...

CVE-2023-37937

The CVE-2023-37937 issue is an os command injection in Fortinet FortiSwitch CLI caused by improper neutralization of special elements. Affected FortiSwitch versions are 6.0.0–6.0.7, 6.2.0–6.2.7, 6.4.0–6.4.13, 7.0.0–7.0.7, 7.2.0–7.2.5, and 7.4.0. Remediation guidance (per PT-2025-1190) is to updat...

CVE-2023-37937

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code o...

CVE-2023-37936

Fortinet FortiSwitch is affected by CVE-2023-37936 due to use of a hard-coded cryptographic key. Versions affected include 7.4.0 and 7.2.0 through 7.2.5, 7.0.0 through 7.0.7, 6.4.0 through 6.4.13, 6.2.0 through 6.2.7, and 6.0.0 through 6.0.7. The underlying issue enables an attacker to execute un...