CVE-2025-25250
- EPSS 0.05%
- Published 10.06.2025 16:36:19
- Last modified 22.07.2025 17:52:45
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access f...
CVE-2025-24471
- EPSS 0.03%
- Published 10.06.2025 16:36:18
- Last modified 22.07.2025 17:57:19
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP-verified remote user to connect from FortiClient via a revoked certificate.
CVE-2025-22254
- EPSS 0.07%
- Published 10.06.2025 16:36:17
- Last modified 22.07.2025 21:25:11
An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4....
CVE-2025-22251
- EPSS 0.09%
- Published 10.06.2025 16:36:12
- Last modified 25.07.2025 15:26:10
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized se...
CVE-2024-50562
- EPSS 0.38%
- Published 10.06.2025 16:36:10
- Last modified 25.07.2025 15:25:23
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-...
CVE-2025-22252
- EPSS 0.12%
- Published 28.05.2025 07:55:49
- Last modified 04.06.2025 14:35:38
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin...
CVE-2025-47294
- EPSS 0.11%
- Published 28.05.2025 07:55:39
- Last modified 04.06.2025 15:37:29
An integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request.
CVE-2025-47295
- EPSS 0.11%
- Published 28.05.2025 07:54:05
- Last modified 04.06.2025 15:37:21
A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare cond...
CVE-2024-32122
- EPSS 0.01%
- Published 08.04.2025 14:15:31
- Last modified 18.07.2025 14:23:53
Storage of passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows an attacker to cause information disclosure by modifying the LDAP server IP to point to a malicious server.
CVE-2024-50565
- EPSS 0.06%
- Published 08.04.2025 14:15:31
- Last modified 25.07.2025 15:22:38
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiPro...