Fortinet

Fortios

236 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2025-24472

Warnung
  • EPSS 7.32%
  • Veröffentlicht 11.02.2025 17:15:34
  • Zuletzt bearbeitet 08.08.2025 16:06:31

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of u...

8.1

CVE-2024-35279

  • EPSS 0.19%
  • Veröffentlicht 11.02.2025 17:15:22
  • Zuletzt bearbeitet 17.07.2025 20:13:41

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the C...

7.2

CVE-2024-40591

  • EPSS 0.12%
  • Veröffentlicht 11.02.2025 17:15:22
  • Zuletzt bearbeitet 17.07.2025 20:12:01

An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate ...

6.7

CVE-2023-40721

  • EPSS 0.04%
  • Veröffentlicht 11.02.2025 17:15:21
  • Zuletzt bearbeitet 24.07.2025 19:04:28

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2....

6.1

CVE-2022-23439

  • EPSS 0.06%
  • Veröffentlicht 22.01.2025 10:15:07
  • Zuletzt bearbeitet 12.02.2025 13:39:42

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before v...

5.8

CVE-2024-54021

  • EPSS 0.09%
  • Veröffentlicht 14.01.2025 14:15:34
  • Zuletzt bearbeitet 08.08.2025 16:03:42

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file fi...

9.8

CVE-2024-55591

Warnung
  • EPSS 94.18%
  • Veröffentlicht 14.01.2025 14:15:34
  • Zuletzt bearbeitet 23.01.2025 02:00:02

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privi...

9.8

CVE-2024-48886

  • EPSS 0.13%
  • Veröffentlicht 14.01.2025 14:15:33
  • Zuletzt bearbeitet 03.02.2025 22:16:04

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiM...

5.9

CVE-2024-52963

  • EPSS 0.06%
  • Veröffentlicht 14.01.2025 14:15:33
  • Zuletzt bearbeitet 03.02.2025 21:56:00

A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.

6.5

CVE-2024-46669

  • EPSS 0.24%
  • Veröffentlicht 14.01.2025 14:15:32
  • Zuletzt bearbeitet 31.01.2025 16:11:27

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted reques...