CVE-2024-48887
- EPSS 0.14%
- Published 08.04.2025 16:52:02
- Last modified 23.07.2025 16:03:34
An unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request.
CVE-2023-25610
- EPSS 23.08%
- Published 24.03.2025 15:39:48
- Last modified 24.07.2025 19:56:34
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 t...
CVE-2022-23439
- EPSS 0.06%
- Published 22.01.2025 10:15:07
- Last modified 12.02.2025 13:39:42
An externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before v...
CVE-2023-37936
- EPSS 0.24%
- Published 14.01.2025 14:15:26
- Last modified 31.01.2025 17:42:50
A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or comma...
CVE-2023-37937
- EPSS 0.13%
- Published 14.01.2025 14:15:26
- Last modified 31.01.2025 17:43:14
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0...
CVE-2022-27488
- EPSS 0.44%
- Published 13.12.2023 07:15:10
- Last modified 21.11.2024 06:55:49
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6...
CVE-2022-27490
- EPSS 0.2%
- Published 07.03.2023 17:15:11
- Last modified 21.11.2024 06:55:49
An exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4....
CVE-2021-43074
- EPSS 0.09%
- Published 16.02.2023 19:15:11
- Last modified 21.11.2024 06:28:38
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all vers...
CVE-2021-42755
- EPSS 0.16%
- Published 18.07.2022 17:15:08
- Last modified 21.11.2024 06:28:06
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0...
CVE-2021-42757
- EPSS 0.08%
- Published 08.12.2021 11:15:11
- Last modified 21.11.2024 06:28:06
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.