CVE-2024-23663
- EPSS 0.51%
- Veröffentlicht 09.07.2024 16:15:04
- Zuletzt bearbeitet 21.11.2024 08:58:07
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
CVE-2022-23447
- EPSS 0.11%
- Veröffentlicht 11.07.2023 17:15:10
- Zuletzt bearbeitet 21.11.2024 06:48:34
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3...
CVE-2022-27489
- EPSS 0.31%
- Veröffentlicht 16.02.2023 19:15:12
- Zuletzt bearbeitet 21.11.2024 06:55:49
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
- EPSS 0.81%
- Veröffentlicht 02.02.2022 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:25:16
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI co...