CVE-2025-25250
- EPSS 0.05%
- Published 10.06.2025 16:36:19
- Last modified 22.07.2025 17:52:45
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access f...
CVE-2025-24471
- EPSS 0.03%
- Published 10.06.2025 16:36:18
- Last modified 22.07.2025 17:57:19
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.
CVE-2025-22254
- EPSS 0.07%
- Published 10.06.2025 16:36:17
- Last modified 22.07.2025 21:25:11
An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4....
CVE-2025-22251
- EPSS 0.09%
- Published 10.06.2025 16:36:12
- Last modified 25.07.2025 15:26:10
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized se...
CVE-2024-50562
- EPSS 0.38%
- Published 10.06.2025 16:36:10
- Last modified 25.07.2025 15:25:23
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-...
CVE-2025-22252
- EPSS 0.12%
- Published 28.05.2025 07:55:49
- Last modified 04.06.2025 14:35:38
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin...
CVE-2025-47294
- EPSS 0.11%
- Published 28.05.2025 07:55:39
- Last modified 04.06.2025 15:37:29
An integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request.
CVE-2025-47295
- EPSS 0.11%
- Published 28.05.2025 07:54:05
- Last modified 04.06.2025 15:37:21
A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare cond...
CVE-2024-32122
- EPSS 0.01%
- Published 08.04.2025 14:15:31
- Last modified 18.07.2025 14:23:53
A storing passwords in a recoverable format vulnerability in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows an attacker to cause information disclosure via modification of the LDAP server IP to point to a malicious server.
CVE-2024-50565
- EPSS 0.06%
- Published 08.04.2025 14:15:31
- Last modified 25.07.2025 15:22:38
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiPro...