CVE-2023-25610
- EPSS 25.03%
- Published 24.03.2025 15:39:48
- Last modified 24.07.2025 19:56:34
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 t...
CVE-2019-15706
- EPSS 0.06%
- Published 17.03.2025 13:05:08
- Last modified 24.07.2025 20:15:24
An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated at...
CVE-2024-26006
- EPSS 0.55%
- Published 14.03.2025 10:15:14
- Last modified 24.07.2025 20:00:45
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.1...
CVE-2024-45324
- EPSS 0.1%
- Published 11.03.2025 14:54:33
- Last modified 24.07.2025 19:06:14
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7....
CVE-2025-24472
- EPSS 4.37%
- Published 11.02.2025 17:15:34
- Last modified 24.10.2025 12:53:29
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of u...
CVE-2023-40721
- EPSS 0.04%
- Published 11.02.2025 17:15:21
- Last modified 14.01.2026 15:15:54
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.
CVE-2022-23439
- EPSS 0.13%
- Published 22.01.2025 10:15:07
- Last modified 14.01.2026 14:16:06
An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver.
CVE-2024-54021
- EPSS 0.09%
- Published 14.01.2025 14:15:34
- Last modified 08.08.2025 16:03:42
An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file fi...
CVE-2024-55591
- EPSS 94.11%
- Published 14.01.2025 14:15:34
- Last modified 24.10.2025 12:54:28
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privi...
CVE-2024-48886
- EPSS 0.15%
- Published 14.01.2025 14:15:33
- Last modified 03.02.2025 22:16:04
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiM...