7 matches found
CVE-2024-40584
CVE-2024-40584 concerns an OS Command Injection in Fortinet products due to improper neutralization of special elements in OS commands. Affected are FortiAnalyzer (versions 7.4.0–7.4.3, 7.2.0–7.2.5, 7.0.0–7.0.13, 6.4.0–6.4.15, 6.2.2–6.2.13), FortiManager (same version ranges), FortiAnalyzer BigDa...
CVE-2024-35276
CVE-2024-35276 is a stack-based buffer overflow affecting Fortinet FortiAnalyzer and FortiManager products across multiple versions (FortiAnalyzer/Cloud, FortiManager/Cloud; 6.4.x to 7.4.x with various sub-versions). The root cause is a stack-based overflow that allows an attacker to execute arbi...
CVE-2024-33503
CVE-2024-33503 concerns Fortinet FortiManager and FortiAnalyzer, with an issue described as improper privilege management that enables escalation of privileges via specific shell commands. Affected product families and versions are FortiManager 7.4.0–7.4.3, 7.2.0–7.2.5, 7.0.0–7.0.12, 6.4.0–6.4.14...
CVE-2024-45331
CVE-2024-45331 is a privilege-escalation flaw caused by incorrect privilege assignment in Fortinet FortiAnalyzer (versions 6.4.0–6.4.15, 7.0.0–7.0.13, 7.2.0–7.2.5, 7.4.0–7.4.3) and FortiManager (6.4.0–6.4.15, 7.0.0–7.0.13, 7.2.0–7.2.5, 7.4.0–7.4.2) as well as FortiAnalyzer Cloud (6.4.1–6.4.7, 7.0...
CVE-2025-24474
CVE-2025-24474 describes an SQL Injection (CWE-89) in Fortinet products: FortiManager (versions 6.4–7.6.1), FortiManager Cloud (6.4–7.4.6), FortiAnalyzer (6.4–7.6.1), and FortiAnalyzer Cloud (6.4–7.4.6). The root cause is improper neutralization of special elements in SQL commands, which may allo...
CVE-2024-50571
CVE-2024-50571 is a heap-based buffer overflow affecting Fortinet FortiOS, FortiAnalyzer, FortiManager, FortiProxy and related cloud/services across many versions (e.g., FortiOS 6.x–7.6.2; FortiAnalyzer/Manager/Proxy clouds as listed). The vulnerability arises from specially crafted netwo...
CVE-2025-48418
The CVE-2025-48418 entry describes a hidden functionality privilege-escalation vulnerability affecting Fortinet FortiAnalyzer and FortiManager (including cloud variants) across multiple versions (FortiAnalyzer: 6.4 all, 7.0.x–7.6.3; FortiAnalyzer Cloud: 6.4 all, 7.0.1–7.6.3; FortiManager: 6.4 all...