CVE-2024-56497

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or...

CVE-2024-56497

Fortinet FortiMail and FortiRecorder are affected by an OS command injection due to improper neutralization of special elements in CLI handling. Affected: FortiMail 6.4.0–6.4.7, 7.0.0–7.0.6, 7.2.0–7.2.4; FortiRecorder 6.4.0–6.4.4 and 7.0.0. Root cause: insufficient sanitization allows execution o...

CVE-2024-35276

CVE-2024-35276 is a stack-based buffer overflow affecting Fortinet FortiAnalyzer and FortiManager products across multiple versions (FortiAnalyzer/Cloud, FortiManager/Cloud; 6.4.x to 7.4.x with various sub-versions). The root cause is a stack-based overflow that allows an attacker to execute arbi...

CVE-2024-35276

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1...

CVE-2024-35276

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1...

CVE-2024-36512

Fortinet FortiManager and FortiAnalyzer are affected by CVE-2024-36512 due to an improper restriction of a pathname to a restricted directory (path traversal). Affected versions include FortiManager/FortiAnalyzer 6.2.10–6.2.13, 7.0.2–7.0.12, 7.2.0–7.2.5, and 7.4.0–7.4.3. The root cause is imprope...

CVE-2024-36512

An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS...

CVE-2024-36512

An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS...

CVE-2024-50566

CVE-2024-50566 affects Fortinet FortiManager and FortiManager Cloud: FortiManager Cloud 7.6.0–7.6.1, 7.4.0–7.4.4, 7.2.2–7.2.7; FortiManager 7.6.0–7.6.1, 7.4.0–7.4.5, 7.2.1–7.2.8 (and corresponding Cloud variants). Root cause: improper neutralization of special elements used in OS commands (OS com...

CVE-2024-12083

The CVE-2024-12083 issue affects Omron NJ/NX-series Machine Automation Controllers. A path traversal vulnerability (CWE-22) exists in the NJ/NX product line, allowing a remote attacker (with administrative privileges) to access arbitrary files and potentially execute arbitrary code on the control...

Fortinet Fortigate File-Filter Bypass in Explicit Web Proxy Policy (FG-IR-24-282)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-282 advisory. - An improper neutralization of crlf sequences in http headers 'http response splitting' in Fortinet FortiOS 7.2.0 through...

Fortinet FortiManager和FortiAnalyzer 路径遍历漏洞

Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains AD...

Fortinet Fortigate Weak Authentication in csfd daemon (FG-IR-24-221)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-221 advisory. - A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through...

Fortinet FortiSwitch 安全漏洞

Fortinet FortiSwitch is a network switch management tool from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSwitch that stems from the use of hard-coded encryption keys that allow an attacker to execute unauthorized code or commands via a crafted request...

Fortinet FortiVoice 操作系统命令注入漏洞

Fortinet FortiVoice is a network communications solution from Fortinet, Inc. Fortinet FortiVoice suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploited by an attacke...

Fortinet FortiManager和FortiAnalyzer 路径遍历漏洞

Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains AD...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...

Omron NJ/NX-series Machine Automation Controllers 路径遍历漏洞

Omron NJ/NX-series Machine Automation Controllers are a series of controllers from Omron Japan. A path traversal vulnerability exists in Omron NJ/NX-series Machine Automation Controllers, which stems from a path traversal vulnerability that can be exploited by an attacker to gain unauthorized...

Fortinet FortiWLM Path Traversal Vulnerability (CNVD-2024-4963848)

Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a path traversal vulnerability that stems from the program failing to properly filter for specific elements in the path to a resource or file. An attacker could use this vulnerability to execute unauthorize...

Fortinet FortiManager Operating System Command Injection Vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...