11 matches found
CVE-2024-48886
CVE-2024-48886 concerns Fortinet products (FortiOS, FortiProxy, FortiManager, FortiAnalyzer Cloud, FortiManager Cloud) with a weak authentication flaw that allows an attacker to execute unauthorized code or commands via brute-force. The initial description lists affected versions across FortiOS: ...
CVE-2024-50563
CVE-2024-50563 involves a weak authentication flaw affecting Fortinet FortiManager, FortiManager Cloud, FortiAnalyzer, and FortiAnalyzer Cloud. Version ranges affected include FortiManager/FortiAnalyzer 7.6.0–7.6.1 and 7.4.1–7.4.3, FortiAnalyzer Cloud 7.4.1–7.4.3, and FortiMan...
CVE-2024-45330
CVE-2024-45330 describes an externally-controlled format string vulnerability in Fortinet FortiAnalyzer affecting 7.4.0–7.4.3 and 7.2.2–7.2.5. The flaw allows an attacker to escalate privileges by sending specially crafted requests. The available sources confirm the affected product and impact; n...
CVE-2024-40584
CVE-2024-40584 concerns an OS Command Injection in Fortinet products due to improper neutralization of special elements in OS commands. Affected are FortiAnalyzer (versions 7.4.0–7.4.3, 7.2.0–7.2.5, 7.0.0–7.0.13, 6.4.0–6.4.15, 6.2.2–6.2.13), FortiManager (same version ranges), FortiAnalyzer BigDa...
CVE-2024-35276
CVE-2024-35276 is a stack-based buffer overflow affecting Fortinet FortiAnalyzer and FortiManager products across multiple versions (FortiAnalyzer/Cloud, FortiManager/Cloud; 6.4.x to 7.4.x with various sub-versions). The root cause is a stack-based overflow that allows an attacker to execute arbi...
CVE-2024-35273
CVE-2024-35273 affects Fortinet FortiManager and FortiAnalyzer, versions 7.4.0–7.4.2. The root cause is an out-of-bounds write that enables privilege escalation via specially crafted HTTP requests. Exploitation status is not described as active in the provided exploitation field, but the security...
CVE-2024-35275
Fortinet FortiAnalyzer and FortiManager are affected by CVE-2024-35275 due to improper neutralization of SQL commands (SQL injection) in versions 7.4.0–7.4.2. The flaw allows an attacker to escalate privileges via specially crafted HTTP requests. There is no explicit exploit in the provided docum...
CVE-2024-33503
CVE-2024-33503 concerns Fortinet FortiManager and FortiAnalyzer, with an issue described as improper privilege management that enables escalation of privileges via specific shell commands. Affected product families and versions are FortiManager 7.4.0–7.4.3, 7.2.0–7.2.5, 7.0.0–7.0.12, 6.4.0–6.4.14...
CVE-2024-45331
CVE-2024-45331 is a privilege-escalation flaw caused by incorrect privilege assignment in Fortinet FortiAnalyzer (versions 6.4.0–6.4.15, 7.0.0–7.0.13, 7.2.0–7.2.5, 7.4.0–7.4.3) and FortiManager (6.4.0–6.4.15, 7.0.0–7.0.13, 7.2.0–7.2.5, 7.4.0–7.4.2) as well as FortiAnalyzer Cloud (6.4.1–6.4.7, 7.0...
CVE-2024-50571
CVE-2024-50571 is a heap-based buffer overflow affecting Fortinet FortiOS, FortiAnalyzer, FortiManager, FortiProxy and related cloud/services across many versions (e.g., FortiOS 6.x–7.6.2; FortiAnalyzer/Manager/Proxy clouds as listed). The vulnerability arises from specially crafted netwo...
CVE-2025-48418
The CVE-2025-48418 entry describes a hidden functionality privilege-escalation vulnerability affecting Fortinet FortiAnalyzer and FortiManager (including cloud variants) across multiple versions (FortiAnalyzer: 6.4 all, 7.0.x–7.6.3; FortiAnalyzer Cloud: 6.4 all, 7.0.1–7.6.3; FortiManager: 6.4 all...