Search criteria
40 vulnerabilities found for FortiNDR by Fortinet
CERTFR-2026-AVI-0575
Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiAP | FortiAP-W2 versions antérieures à 7.4.5 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.5 | ||
| Fortinet | FortiSandbox | FortiSandbox PaaS 21.x, 22.x, et 23.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox PaaS versions 4.4.x antérieures à 4.4.9 | ||
| Fortinet | FortiAP | FortiAP versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiAP | FortiAP-U versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions 5.x et 6.x antérieures à 6.1 | ||
| Fortinet | FortiSandbox | FortiSandbox Cloud 24 toutes versions | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.5 | ||
| Fortinet | FortiClient | FortiClientWindows versions antérieures à 7.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.9 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 5.x antérieures à 5.0.2 | ||
| Fortinet | N/A | FortiTokenAndroid versions antérieures à 6.4 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions 6.5.x antérieures à 6.5.7 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.4.9 | ||
| Fortinet | FortiSandbox | FortiSandbox Cloud 23 toutes versions | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSandbox | FortiSandbox Cloud versions 5.x antérieures à 5.0.6 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions 6.6.x antérieures à 6.6.9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.4.9 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.x antérieures à 7.4.10 | ||
| Fortinet | FortiAP | FortiAP versions antérieures à 7.4.6 | ||
| Fortinet | FortiSandbox | FortiSandbox PaaS versions 5.0.x antérieures à 5.0.2 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions 8.0.x antérieures à 8.0.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox PaaS 21.x, 22.x, et 23.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox PaaS versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-U versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions 5.x et 6.x ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox Cloud 24 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 5.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTokenAndroid versions ant\u00e9rieures \u00e0 6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.5.x ant\u00e9rieures \u00e0 6.5.7",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox Cloud 23 toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox Cloud versions 5.x ant\u00e9rieures \u00e0 5.0.6",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.6.x ant\u00e9rieures \u00e0 6.6.9",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.x ant\u00e9rieures \u00e0 7.4.10",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox PaaS versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 8.0.x ant\u00e9rieures \u00e0 8.0.3",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-44279",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44279"
},
{
"name": "CVE-2026-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25690"
},
{
"name": "CVE-2026-44277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44277"
},
{
"name": "CVE-2025-53844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53844"
},
{
"name": "CVE-2025-53681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53681"
},
{
"name": "CVE-2026-26083",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26083"
},
{
"name": "CVE-2025-67604",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67604"
},
{
"name": "CVE-2026-44278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44278"
},
{
"name": "CVE-2025-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53680"
},
{
"name": "CVE-2025-53870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53870"
},
{
"name": "CVE-2026-25088",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25088"
}
],
"initial_release_date": "2026-05-13T00:00:00",
"last_revision_date": "2026-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0575",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-137",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-137"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-133",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-133"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-138",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-138"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-130",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-130"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-134",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-134"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-136",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-136"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-123",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-123"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-129",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-129"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-128",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-128"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-132",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-132"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-131",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-131"
}
]
}
CERTFR-2026-AVI-0440
Vulnerability from certfr_avis - Published: 2026-04-15 - Updated: 2026-04-15
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.6.x antérieures à 7.6.5 avec File Content Extraction Connector versions antérieures à 1.3.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.x antérieures à 7.4.9 | ||
| Fortinet | FortiNAC | FortiNAC-F versions 7.6.x antérieures à 7.6.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.5 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.x antérieures à 7.4.9 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.x antérieures à 7.6.7 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiSOAR | FortiSOAR PaaS versions 7.3.x, 7.4.x et 7.5.x antérieures à 7.5.3 avec File Content Extraction Connector versions antérieures à 1.3.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiSandbox | FortiSandbox PaaS versions 5.0.x antérieures à 5.0.6 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.6.x antérieures à 7.6.5 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.6 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.4.10 | ||
| Fortinet | FortiDDoS | FortiDDoS-F versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.x antérieures à 7.4.9 | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.x antérieures à 7.4.9 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.5 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.7.1 | ||
| Fortinet | FortiWeb | FortiWeb versions 8.0.x antérieures à 8.0.4 | ||
| Fortinet | FortiManager | FortiManager versions 7.x antérieures à 7.4.9 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.x antérieures à 7.4.12 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.3.x, 7.4.x et 7.5.x antérieures à 7.5.3 avec File Content Extraction Connector versions antérieures à 1.3.1 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiSandbox | FortiSandbox PaaS versions 4.2.x et 4.4.x antérieures à 4.4.9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.6.x antérieures à 7.6.5 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.5 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.x antérieures à 7.2.13 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.2.x et 4.4.x antérieures à 4.4.9 (cette version reste affectée par la vulnérabilité CVE-2026-27316) | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiSOAR | FortiSOAR PaaS versions 7.6.x antérieures à 7.6.5 avec File Content Extraction Connector versions antérieures à 1.3.1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.5 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC-F versions 7.6.x ant\u00e9rieures \u00e0 7.6.6",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.x ant\u00e9rieures \u00e0 7.6.7",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR PaaS versions 7.3.x, 7.4.x et 7.5.x ant\u00e9rieures \u00e0 7.5.3 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox PaaS versions 5.0.x ant\u00e9rieures \u00e0 5.0.6",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.6",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions 7.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.7.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.4.12",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.3.x, 7.4.x et 7.5.x ant\u00e9rieures \u00e0 7.5.3 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox PaaS versions 4.2.x et 4.4.x ant\u00e9rieures \u00e0 4.4.9",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.2.x et 4.4.x ant\u00e9rieures \u00e0 4.4.9 (cette version reste affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2026-27316)",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR PaaS versions 7.6.x ant\u00e9rieures \u00e0 7.6.5 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-39809",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39809"
},
{
"name": "CVE-2025-61848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61848"
},
{
"name": "CVE-2026-22155",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22155"
},
{
"name": "CVE-2026-39812",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39812"
},
{
"name": "CVE-2026-21741",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21741"
},
{
"name": "CVE-2026-27316",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27316"
},
{
"name": "CVE-2025-61624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61624"
},
{
"name": "CVE-2026-39808",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39808"
},
{
"name": "CVE-2026-22574",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22574"
},
{
"name": "CVE-2025-61886",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61886"
},
{
"name": "CVE-2024-23104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23104"
},
{
"name": "CVE-2026-39811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39811"
},
{
"name": "CVE-2026-39814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39814"
},
{
"name": "CVE-2026-39810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39810"
},
{
"name": "CVE-2026-25691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25691"
},
{
"name": "CVE-2026-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22576"
},
{
"name": "CVE-2026-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22573"
},
{
"name": "CVE-2026-39815",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39815"
},
{
"name": "CVE-2026-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21742"
},
{
"name": "CVE-2026-22828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22828"
},
{
"name": "CVE-2026-22154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22154"
},
{
"name": "CVE-2026-23708",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23708"
},
{
"name": "CVE-2025-53847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53847"
},
{
"name": "CVE-2026-39813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39813"
},
{
"name": "CVE-2025-68649",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68649"
},
{
"name": "CVE-2025-59809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59809"
},
{
"name": "CVE-2026-40688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40688"
}
],
"initial_release_date": "2026-04-15T00:00:00",
"last_revision_date": "2026-04-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0440",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-111",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-111"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-110",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-110"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-101",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-101"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-120",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-120"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-105",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-105"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-106",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-106"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-102",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-102"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-114",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-114"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-107",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-107"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-109",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-109"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-115",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-115"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-119",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-119"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-103",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-103"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-108",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-108"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-125",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-125"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-121",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-121"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-100",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-100"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-118",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-118"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-124",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-124"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-113",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-113"
},
{
"published_at": "2026-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-127",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-127"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-117",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-117"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-122",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-122"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-104",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-104"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-112",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-112"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-126",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-126"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-116",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-116"
}
]
}
CERTFR-2025-AVI-0871
Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiDLP | FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x | ||
| Fortinet | FortiADC | FortiADC toutes versions 6.2.x et 7.0.x | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiTester | FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.0.7 à 6.0.12 | ||
| Fortinet | FortiClient | FortiClientMac toutes versions 7.0.x | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise toutes versions 7.3.x et 7.4.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiPAM | FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x | ||
| Fortinet | FortiSRA | FortiSRA versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiWeb | FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiDLP | FortiDLP versions 12.2.x et antérieures à 12.2.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiNDR | FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiManager | FortiManager Cloud toutes versions 6.4.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiSIEM | FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiSRA | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiClient | FortiClientWindows toutes versions 7.0.x | ||
| Fortinet | FortiIsolator | FortiIsolator versions 2.4.x antérieures à 2.4.5 | ||
| Fortinet | FortiTester | FortiTester version 7.4 antérieures à 7.4.3 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.10 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiOS | FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiIsolator | FortiIsolator toutes versions 2.3.x | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.5 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud toutes versions 6.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.14 | ||
| Fortinet | FortiManager | FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 6.2.x et 7.0.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud toutes versions 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester version 7.4 ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator toutes versions 2.3.x",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud toutes versions 6.4.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
},
{
"name": "CVE-2025-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
},
{
"name": "CVE-2025-31365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
},
{
"name": "CVE-2025-49201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
},
{
"name": "CVE-2025-54822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
},
{
"name": "CVE-2025-57741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
},
{
"name": "CVE-2025-58903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
},
{
"name": "CVE-2025-31514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
},
{
"name": "CVE-2025-25253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
},
{
"name": "CVE-2024-33507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
},
{
"name": "CVE-2025-25255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
},
{
"name": "CVE-2023-46718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
},
{
"name": "CVE-2025-47890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-26008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
},
{
"name": "CVE-2025-25252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
},
{
"name": "CVE-2024-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
},
{
"name": "CVE-2025-59921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
},
{
"name": "CVE-2025-53951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
},
{
"name": "CVE-2025-53950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
},
{
"name": "CVE-2025-58324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
},
{
"name": "CVE-2025-53845",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
},
{
"name": "CVE-2024-50571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
},
{
"name": "CVE-2025-46774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
},
{
"name": "CVE-2025-31366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
},
{
"name": "CVE-2025-57716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
},
{
"name": "CVE-2024-47569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
},
{
"name": "CVE-2025-22258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
},
{
"name": "CVE-2025-57740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
},
{
"name": "CVE-2025-54973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
},
{
"name": "CVE-2025-54658",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0871",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
}
]
}
CERTFR-2025-AVI-0679
Vulnerability from certfr_avis - Published: 2025-08-13 - Updated: 2025-08-13
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 7.0.5 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.4 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.1.x antérieures à 7.1.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.0.14 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.4.7 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.11 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.5.2 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.4.8 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiCamera | FortiCamera versions 2.1.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.4.3 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.2.10 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.3.x antérieures à 7.3.2 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.7.10 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiCamera | FortiCamera versions antérieures à 2.0.1 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.4.4 | ||
| Fortinet | FortiVoice | FortiVoice versions antérieures à 6.4.10 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.2 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.6.x antérieures à 7.6.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions 2.1.x toutes versions",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
},
{
"name": "CVE-2025-47857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
},
{
"name": "CVE-2025-32766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
},
{
"name": "CVE-2024-48892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
},
{
"name": "CVE-2025-53744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
},
{
"name": "CVE-2024-52964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
},
{
"name": "CVE-2025-49813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
},
{
"name": "CVE-2025-25256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
},
{
"name": "CVE-2025-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
},
{
"name": "CVE-2025-27759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
},
{
"name": "CVE-2025-32932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
},
{
"name": "CVE-2024-26009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
},
{
"name": "CVE-2024-40588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
},
{
"name": "CVE-2023-45584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
}
],
"initial_release_date": "2025-08-13T00:00:00",
"last_revision_date": "2025-08-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0679",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
}
]
}
CERTFR-2025-AVI-0399
Vulnerability from certfr_avis - Published: 2025-05-13 - Updated: 2025-05-13
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiClientEMS | FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.7 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.x antérieures à 7.2.9 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.6 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiCamera | FortiCamera versions antérieures à 2.1.4 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.15 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiVoice | FortiVoiceUCDesktop versions antérieures à 7.0 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
},
{
"name": "CVE-2025-47294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
},
{
"name": "CVE-2025-24473",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
},
{
"name": "CVE-2024-54020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
},
{
"name": "CVE-2025-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
},
{
"name": "CVE-2024-35281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
},
{
"name": "CVE-2025-32756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
},
{
"name": "CVE-2025-22252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
},
{
"name": "CVE-2025-47295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
},
{
"name": "CVE-2025-22859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
}
],
"initial_release_date": "2025-05-13T00:00:00",
"last_revision_date": "2025-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0399",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
}
]
}
CERTFR-2025-AVI-0197
Vulnerability from certfr_avis - Published: 2025-03-12 - Updated: 2025-03-12
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.4 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x antérieures à 7.1.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.20 | ||
| Fortinet | N/A | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.3.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.16 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.6 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.6.1 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 6.4.16 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiIsolator versions 2.4.x antérieures à 2.4.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.4.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-54026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
},
{
"name": "CVE-2024-45328",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
},
{
"name": "CVE-2024-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
},
{
"name": "CVE-2024-54018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
},
{
"name": "CVE-2024-54027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
},
{
"name": "CVE-2023-42784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
},
{
"name": "CVE-2023-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
},
{
"name": "CVE-2024-32123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
},
{
"name": "CVE-2024-55590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
},
{
"name": "CVE-2024-52960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
},
{
"name": "CVE-2023-40723",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
},
{
"name": "CVE-2023-37933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
},
{
"name": "CVE-2024-55597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
},
{
"name": "CVE-2024-55592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
},
{
"name": "CVE-2024-33501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
},
{
"name": "CVE-2024-52961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
},
{
"name": "CVE-2024-45324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
},
{
"name": "CVE-2024-55594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
}
],
"initial_release_date": "2025-03-12T00:00:00",
"last_revision_date": "2025-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0197",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
}
]
}
CVE-2026-25088 (GCVE-0-2026-25088)
Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-12 19:02
VLAI
Summary
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Severity
CWE
- CWE-89 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiNDR |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.4.0 , ≤ 7.4.9 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T18:59:39.373512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T19:02:51.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T16:54:07.352Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiNDR version 7.6.3 or above\nUpgrade to FortiNDR version 7.4.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-25088",
"datePublished": "2026-05-12T16:54:07.352Z",
"dateReserved": "2026-01-29T09:27:29.820Z",
"dateUpdated": "2026-05-12T19:02:51.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23104 (GCVE-0-2024-23104)
Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests
Severity
CWE
- CWE-200 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiVoice |
Affected:
7.0.0 , ≤ 7.0.1
(semver)
cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiNDR |
Affected:
7.6.0
Affected: 7.4.0 , ≤ 7.4.8 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:25:58.464987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:15.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.8",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:18.540Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiVoice version 7.0.2 or above\nUpgrade to FortiVoice version 6.4.9 or above\nUpgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-23104",
"datePublished": "2026-04-14T15:38:18.540Z",
"dateReserved": "2024-01-11T16:29:07.978Z",
"dateUpdated": "2026-04-14T16:46:15.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47569 (GCVE-0-2024-47569)
Vulnerability from nvd – Published: 2025-10-14 15:23 – Updated: 2026-02-10 07:22
VLAI
Summary
A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.
Severity
CWE
- CWE-201 - Information disclosure
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiManager Cloud |
Affected:
7.4.1 , ≤ 7.4.3
(semver)
cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:* |
|
| Fortinet | FortiTester |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.3.0 , ≤ 7.3.2 (semver) Affected: 7.2.0 , ≤ 7.2.3 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 Affected: 4.2.0 , ≤ 4.2.1 (semver) cpe:2.3:a:fortinet:fortitester:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiNDR |
Affected:
7.6.0 , ≤ 7.6.1
(semver)
Affected: 7.4.0 , ≤ 7.4.8 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiManager |
Affected:
7.4.1 , ≤ 7.4.3
(semver)
cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* |
|
| Fortinet | FortiPAM |
Affected:
1.3.0 , ≤ 1.3.1
(semver)
Affected: 1.2.0 Affected: 1.1.0 , ≤ 1.1.2 (semver) Affected: 1.0.0 , ≤ 1.0.3 (semver) cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiOS |
Affected:
7.6.0
Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.0.0 , ≤ 7.0.15 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiRecorder |
Affected:
7.2.0 , ≤ 7.2.1
(semver)
Affected: 7.0.0 , ≤ 7.0.4 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiProxy |
Affected:
7.4.0 , ≤ 7.4.4
(semver)
Affected: 7.2.0 , ≤ 7.2.10 (semver) Affected: 7.0.0 , ≤ 7.0.23 (semver) cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiMail |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.6 (semver) Affected: 7.0.0 , ≤ 7.0.9 (semver) cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiWeb |
Affected:
7.6.0
Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.12 (semver) Affected: 7.0.0 , ≤ 7.0.12 (semver) Affected: 6.4.0 , ≤ 6.4.3 (semver) cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiVoice |
Affected:
7.0.0 , ≤ 7.0.4
(semver)
Affected: 6.4.0 , ≤ 6.4.9 (semver) Affected: 6.0.7 , ≤ 6.0.12 (semver) cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T15:31:45.922521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:31:53.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager Cloud",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortitester:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiTester",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.8",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiPAM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.23",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.12",
"status": "affected",
"version": "6.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T07:22:21.025Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiManager Cloud version 7.4.4 or above\nUpgrade to FortiTester version 7.6.0 or above\nUpgrade to FortiTester version 7.4.3 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.9 or above\nUpgrade to FortiManager version 7.6.2 or above\nUpgrade to FortiManager version 7.4.4 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiPAM version 1.4.0 or above\nFortinet remediated this issue in FortiSASE version 24.3.b and hence customers do not need to perform any action.\nUpgrade to FortiOS version 7.6.1 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.9 or above\nUpgrade to FortiOS version 7.0.16 or above\nUpgrade to FortiOS version 6.4.16 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiProxy version 7.4.5 or above\nUpgrade to FortiProxy version 7.2.11 or above\nUpgrade to FortiMail version 7.6.0 or above\nUpgrade to FortiMail version 7.4.3 or above\nUpgrade to FortiMail version 7.2.7 or above\nUpgrade to FortiWeb version 7.6.1 or above\nUpgrade to FortiWeb version 7.4.5 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-47569",
"datePublished": "2025-10-14T15:23:03.965Z",
"dateReserved": "2024-09-27T16:19:24.136Z",
"dateUpdated": "2026-02-10T07:22:21.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40588 (GCVE-0-2024-40588)
Vulnerability from nvd – Published: 2025-08-12 18:59 – Updated: 2026-01-14 09:17
VLAI
Summary
Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
Severity
CWE
- CWE-23 - Improper access control
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiCamera |
Affected:
2.1.0 , ≤ 2.1.4
(semver)
Affected: 2.0.0 Affected: 1.1.0 , ≤ 1.1.5 (semver) Affected: 1.0.3 , ≤ 1.0.5 (semver) cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:* |
|
| Fortinet | FortiNDR |
Affected:
7.6.0 , ≤ 7.6.1
(semver)
Affected: 7.4.0 , ≤ 7.4.6 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiMail |
Affected:
7.6.0 , ≤ 7.6.1
(semver)
Affected: 7.4.0 , ≤ 7.4.3 (semver) Affected: 7.2.0 , ≤ 7.2.9 (semver) Affected: 7.0.0 , ≤ 7.0.9 (semver) Affected: 6.4.0 , ≤ 6.4.8 (semver) cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiRecorder |
Affected:
7.2.0 , ≤ 7.2.1
(semver)
Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 6.4.0 , ≤ 6.4.6 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiVoice |
Affected:
7.0.0 , ≤ 7.0.3
(semver)
Affected: 6.4.0 , ≤ 6.4.9 (semver) Affected: 6.0.0 , ≤ 6.0.12 (semver) cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:38:50.113803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:39:38.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiCamera",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.1.4",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0.3",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.6",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.9",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.8",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.6",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.12",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:17:11.543Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiCamera version 2.0.1 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.7 or above\nUpgrade to FortiMail version 7.6.2 or above\nUpgrade to FortiMail version 7.4.4 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiFone version 3.0.24 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-40588",
"datePublished": "2025-08-12T18:59:11.807Z",
"dateReserved": "2024-07-05T11:55:50.010Z",
"dateUpdated": "2026-01-14T09:17:11.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32756 (GCVE-0-2025-32756)
Vulnerability from nvd – Published: 2025-05-13 14:46 – Updated: 2026-02-26 18:28
VLAI
CISA KEV
Summary
A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
Severity
9.6 (Critical)
CWE
- CWE-121 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiNDR |
Affected:
7.6.0
Affected: 7.4.0 , ≤ 7.4.7 (semver) Affected: 7.2.0 , ≤ 7.2.4 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) Affected: 1.4.0 Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiCamera |
Affected:
2.1.0 , ≤ 2.1.3
(semver)
Affected: 2.0.0 Affected: 1.1.0 , ≤ 1.1.5 (semver) cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiRecorder |
Affected:
7.2.0 , ≤ 7.2.3
(semver)
Affected: 7.0.0 , ≤ 7.0.5 (semver) Affected: 6.4.0 , ≤ 6.4.5 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiVoice |
Affected:
7.2.0
Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.4.0 , ≤ 6.4.10 (semver) cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiMail |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.7 (semver) Affected: 7.0.0 , ≤ 7.0.8 (semver) cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32756",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T04:01:18.017087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:36.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-14T00:00:00.000Z",
"value": "CVE-2025-32756 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiCamera",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T12:54:22.845Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.8 or above\nUpgrade to FortiNDR version 7.2.5 or above\nUpgrade to FortiNDR version 7.0.7 or above\nUpgrade to FortiCamera version 2.1.4 or above\nUpgrade to FortiRecorder version 7.2.4 or above\nUpgrade to FortiRecorder version 7.0.6 or above\nUpgrade to FortiRecorder version 6.4.6 or above\nUpgrade to FortiVoice version 7.2.1 or above\nUpgrade to FortiVoice version 7.0.7 or above\nUpgrade to FortiVoice version 6.4.11 or above\nUpgrade to FortiMail version 7.6.3 or above\nUpgrade to FortiMail version 7.4.5 or above\nUpgrade to FortiMail version 7.2.8 or above\nUpgrade to FortiMail version 7.0.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-32756",
"datePublished": "2025-05-13T14:46:44.208Z",
"dateReserved": "2025-04-10T08:12:12.347Z",
"dateUpdated": "2026-02-26T18:28:36.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-33302 (GCVE-0-2023-33302)
Vulnerability from nvd – Published: 2025-03-31 14:58 – Updated: 2025-03-31 15:30
VLAI
Summary
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
Severity
CWE
- CWE-120 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiNDR |
Affected:
7.2.0
Affected: 7.1.0 Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) Affected: 1.4.0 Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 |
|
| Fortinet | FortiMail |
Affected:
6.4.0 , ≤ 6.4.4
(semver)
Affected: 6.2.0 , ≤ 6.2.6 (semver) Affected: 6.0.0 , ≤ 6.0.10 (semver) Affected: 5.4.0 , ≤ 5.4.12 (semver) Affected: 5.3.12 , ≤ 5.3.13 (semver) Affected: 5.3.0 , ≤ 5.3.10 (semver) Affected: 5.2.0 , ≤ 5.2.10 (semver) Affected: 5.1.0 , ≤ 5.1.7 (semver) Affected: 5.0.0 , ≤ 5.0.11 (semver) cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T15:28:51.596601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T15:30:12.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.10",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.12",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.13",
"status": "affected",
"version": "5.3.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.10",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.10",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.7",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.11",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T14:58:11.960Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above\nPlease upgrade to FortiMail version 6.2.7 or above\nPlease upgrade to FortiMail version 6.0.11 or above\nPlease upgrade to FortiNDR version 7.2.1 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-33302",
"datePublished": "2025-03-31T14:58:11.960Z",
"dateReserved": "2023-05-22T07:58:22.197Z",
"dateUpdated": "2025-03-31T15:30:12.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24008 (GCVE-0-2021-24008)
Vulnerability from nvd – Published: 2025-03-28 10:13 – Updated: 2025-03-28 13:39
VLAI
Summary
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.
Severity
CWE
- CWE-200 - Information disclosure
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiDDoS |
Affected:
5.4.0
Affected: 5.3.0 , ≤ 5.3.2 (semver) Affected: 5.2.0 Affected: 5.1.0 Affected: 5.0.0 Affected: 4.7.0 Affected: 4.6.0 Affected: 4.5.0 Affected: 4.4.0 , ≤ 4.4.2 (semver) cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiNDR |
Affected:
1.5.0 , ≤ 1.5.3
(semver)
Affected: 1.4.0 Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 |
|
| Fortinet | FortiDDoS-CM |
Affected:
5.3.0
Affected: 5.2.0 Affected: 5.1.0 Affected: 5.0.0 Affected: 4.7.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-24008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T13:38:44.887350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:39:11.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDDoS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.2",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.0"
},
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.6.0"
},
{
"status": "affected",
"version": "4.5.0"
},
{
"lessThanOrEqual": "4.4.2",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiDDoS-CM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.0"
},
{
"status": "affected",
"version": "4.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T10:13:32.120Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-20-105",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-105"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiMail versions 6.0.10 or above.\n\r\nPlease upgrade to FortiMail versions 6.2.5 or above.\n\r\nPlease upgrade to FortiMail versions 6.4.2 or above."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-24008",
"datePublished": "2025-03-28T10:13:32.120Z",
"dateReserved": "2021-01-13T21:23:47.335Z",
"dateUpdated": "2025-03-28T13:39:11.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47573 (GCVE-0-2024-47573)
Vulnerability from nvd – Published: 2025-03-14 15:04 – Updated: 2025-03-14 17:53
VLAI
Summary
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
Severity
CWE
- CWE-354 - Denial of service
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T17:53:14.212011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T17:53:27.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "Denial of service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:04:55.721Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-461",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-461"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNDR version 7.4.3 or above \nPlease upgrade to FortiNDR version 7.2.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-47573",
"datePublished": "2025-03-14T15:04:55.721Z",
"dateReserved": "2024-09-27T16:19:24.136Z",
"dateUpdated": "2025-03-14T17:53:27.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48790 (GCVE-0-2023-48790)
Vulnerability from nvd – Published: 2025-03-11 14:54 – Updated: 2025-03-11 16:05
VLAI
Summary
A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.
Severity
CWE
- CWE-352 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:03:35.954580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:05:58.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:31.599Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNDR version 7.4.1 or above \nPlease upgrade to FortiNDR version 7.2.2 or above \nPlease upgrade to FortiNDR version 7.1.2 or above \nPlease upgrade to FortiNDR version 7.0.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-48790",
"datePublished": "2025-03-11T14:54:31.599Z",
"dateReserved": "2023-11-19T19:58:38.554Z",
"dateUpdated": "2025-03-11T16:05:58.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-25088 (GCVE-0-2026-25088)
Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-12 19:02
VLAI
Summary
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Severity
CWE
- CWE-89 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiNDR |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.4.0 , ≤ 7.4.9 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T18:59:39.373512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T19:02:51.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T16:54:07.352Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiNDR version 7.6.3 or above\nUpgrade to FortiNDR version 7.4.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-25088",
"datePublished": "2026-05-12T16:54:07.352Z",
"dateReserved": "2026-01-29T09:27:29.820Z",
"dateUpdated": "2026-05-12T19:02:51.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23104 (GCVE-0-2024-23104)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests
Severity
CWE
- CWE-200 - Information disclosure
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiVoice |
Affected:
7.0.0 , ≤ 7.0.1
(semver)
cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiNDR |
Affected:
7.6.0
Affected: 7.4.0 , ≤ 7.4.8 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:25:58.464987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:15.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.8",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:18.540Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiVoice version 7.0.2 or above\nUpgrade to FortiVoice version 6.4.9 or above\nUpgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-23104",
"datePublished": "2026-04-14T15:38:18.540Z",
"dateReserved": "2024-01-11T16:29:07.978Z",
"dateUpdated": "2026-04-14T16:46:15.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47569 (GCVE-0-2024-47569)
Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2026-02-10 07:22
VLAI
Summary
A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.
Severity
CWE
- CWE-201 - Information disclosure
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiManager Cloud |
Affected:
7.4.1 , ≤ 7.4.3
(semver)
cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:* |
|
| Fortinet | FortiTester |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.3.0 , ≤ 7.3.2 (semver) Affected: 7.2.0 , ≤ 7.2.3 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 Affected: 4.2.0 , ≤ 4.2.1 (semver) cpe:2.3:a:fortinet:fortitester:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiNDR |
Affected:
7.6.0 , ≤ 7.6.1
(semver)
Affected: 7.4.0 , ≤ 7.4.8 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiManager |
Affected:
7.4.1 , ≤ 7.4.3
(semver)
cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* |
|
| Fortinet | FortiPAM |
Affected:
1.3.0 , ≤ 1.3.1
(semver)
Affected: 1.2.0 Affected: 1.1.0 , ≤ 1.1.2 (semver) Affected: 1.0.0 , ≤ 1.0.3 (semver) cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiOS |
Affected:
7.6.0
Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.0.0 , ≤ 7.0.15 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiRecorder |
Affected:
7.2.0 , ≤ 7.2.1
(semver)
Affected: 7.0.0 , ≤ 7.0.4 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiProxy |
Affected:
7.4.0 , ≤ 7.4.4
(semver)
Affected: 7.2.0 , ≤ 7.2.10 (semver) Affected: 7.0.0 , ≤ 7.0.23 (semver) cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiMail |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.6 (semver) Affected: 7.0.0 , ≤ 7.0.9 (semver) cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiWeb |
Affected:
7.6.0
Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.12 (semver) Affected: 7.0.0 , ≤ 7.0.12 (semver) Affected: 6.4.0 , ≤ 6.4.3 (semver) cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiVoice |
Affected:
7.0.0 , ≤ 7.0.4
(semver)
Affected: 6.4.0 , ≤ 6.4.9 (semver) Affected: 6.0.7 , ≤ 6.0.12 (semver) cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T15:31:45.922521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:31:53.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager Cloud",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortitester:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiTester",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.8",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiPAM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.23",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.12",
"status": "affected",
"version": "6.0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T07:22:21.025Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiManager Cloud version 7.4.4 or above\nUpgrade to FortiTester version 7.6.0 or above\nUpgrade to FortiTester version 7.4.3 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.9 or above\nUpgrade to FortiManager version 7.6.2 or above\nUpgrade to FortiManager version 7.4.4 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiPAM version 1.4.0 or above\nFortinet remediated this issue in FortiSASE version 24.3.b and hence customers do not need to perform any action.\nUpgrade to FortiOS version 7.6.1 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.9 or above\nUpgrade to FortiOS version 7.0.16 or above\nUpgrade to FortiOS version 6.4.16 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiProxy version 7.4.5 or above\nUpgrade to FortiProxy version 7.2.11 or above\nUpgrade to FortiMail version 7.6.0 or above\nUpgrade to FortiMail version 7.4.3 or above\nUpgrade to FortiMail version 7.2.7 or above\nUpgrade to FortiWeb version 7.6.1 or above\nUpgrade to FortiWeb version 7.4.5 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-47569",
"datePublished": "2025-10-14T15:23:03.965Z",
"dateReserved": "2024-09-27T16:19:24.136Z",
"dateUpdated": "2026-02-10T07:22:21.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40588 (GCVE-0-2024-40588)
Vulnerability from cvelistv5 – Published: 2025-08-12 18:59 – Updated: 2026-01-14 09:17
VLAI
Summary
Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
Severity
CWE
- CWE-23 - Improper access control
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiCamera |
Affected:
2.1.0 , ≤ 2.1.4
(semver)
Affected: 2.0.0 Affected: 1.1.0 , ≤ 1.1.5 (semver) Affected: 1.0.3 , ≤ 1.0.5 (semver) cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:* |
|
| Fortinet | FortiNDR |
Affected:
7.6.0 , ≤ 7.6.1
(semver)
Affected: 7.4.0 , ≤ 7.4.6 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiMail |
Affected:
7.6.0 , ≤ 7.6.1
(semver)
Affected: 7.4.0 , ≤ 7.4.3 (semver) Affected: 7.2.0 , ≤ 7.2.9 (semver) Affected: 7.0.0 , ≤ 7.0.9 (semver) Affected: 6.4.0 , ≤ 6.4.8 (semver) cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiRecorder |
Affected:
7.2.0 , ≤ 7.2.1
(semver)
Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 6.4.0 , ≤ 6.4.6 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiVoice |
Affected:
7.0.0 , ≤ 7.0.3
(semver)
Affected: 6.4.0 , ≤ 6.4.9 (semver) Affected: 6.0.0 , ≤ 6.0.12 (semver) cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:38:50.113803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:39:38.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiCamera",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.1.4",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0.3",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.6",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.9",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.8",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.6",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.9",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.12",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:17:11.543Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiCamera version 2.0.1 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.7 or above\nUpgrade to FortiMail version 7.6.2 or above\nUpgrade to FortiMail version 7.4.4 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiFone version 3.0.24 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-40588",
"datePublished": "2025-08-12T18:59:11.807Z",
"dateReserved": "2024-07-05T11:55:50.010Z",
"dateUpdated": "2026-01-14T09:17:11.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32756 (GCVE-0-2025-32756)
Vulnerability from cvelistv5 – Published: 2025-05-13 14:46 – Updated: 2026-02-26 18:28
VLAI
CISA KEV
Summary
A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
Severity
9.6 (Critical)
CWE
- CWE-121 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiNDR |
Affected:
7.6.0
Affected: 7.4.0 , ≤ 7.4.7 (semver) Affected: 7.2.0 , ≤ 7.2.4 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) Affected: 1.4.0 Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiCamera |
Affected:
2.1.0 , ≤ 2.1.3
(semver)
Affected: 2.0.0 Affected: 1.1.0 , ≤ 1.1.5 (semver) cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiRecorder |
Affected:
7.2.0 , ≤ 7.2.3
(semver)
Affected: 7.0.0 , ≤ 7.0.5 (semver) Affected: 6.4.0 , ≤ 6.4.5 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiVoice |
Affected:
7.2.0
Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.4.0 , ≤ 6.4.10 (semver) cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiMail |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.7 (semver) Affected: 7.0.0 , ≤ 7.0.8 (semver) cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32756",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T04:01:18.017087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:36.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-14T00:00:00.000Z",
"value": "CVE-2025-32756 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiCamera",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T12:54:22.845Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.8 or above\nUpgrade to FortiNDR version 7.2.5 or above\nUpgrade to FortiNDR version 7.0.7 or above\nUpgrade to FortiCamera version 2.1.4 or above\nUpgrade to FortiRecorder version 7.2.4 or above\nUpgrade to FortiRecorder version 7.0.6 or above\nUpgrade to FortiRecorder version 6.4.6 or above\nUpgrade to FortiVoice version 7.2.1 or above\nUpgrade to FortiVoice version 7.0.7 or above\nUpgrade to FortiVoice version 6.4.11 or above\nUpgrade to FortiMail version 7.6.3 or above\nUpgrade to FortiMail version 7.4.5 or above\nUpgrade to FortiMail version 7.2.8 or above\nUpgrade to FortiMail version 7.0.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-32756",
"datePublished": "2025-05-13T14:46:44.208Z",
"dateReserved": "2025-04-10T08:12:12.347Z",
"dateUpdated": "2026-02-26T18:28:36.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-33302 (GCVE-0-2023-33302)
Vulnerability from cvelistv5 – Published: 2025-03-31 14:58 – Updated: 2025-03-31 15:30
VLAI
Summary
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
Severity
CWE
- CWE-120 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiNDR |
Affected:
7.2.0
Affected: 7.1.0 Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) Affected: 1.4.0 Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 |
|
| Fortinet | FortiMail |
Affected:
6.4.0 , ≤ 6.4.4
(semver)
Affected: 6.2.0 , ≤ 6.2.6 (semver) Affected: 6.0.0 , ≤ 6.0.10 (semver) Affected: 5.4.0 , ≤ 5.4.12 (semver) Affected: 5.3.12 , ≤ 5.3.13 (semver) Affected: 5.3.0 , ≤ 5.3.10 (semver) Affected: 5.2.0 , ≤ 5.2.10 (semver) Affected: 5.1.0 , ≤ 5.1.7 (semver) Affected: 5.0.0 , ≤ 5.0.11 (semver) cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T15:28:51.596601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T15:30:12.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.10",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.12",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.13",
"status": "affected",
"version": "5.3.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.10",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.10",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.7",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.11",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T14:58:11.960Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above\nPlease upgrade to FortiMail version 6.2.7 or above\nPlease upgrade to FortiMail version 6.0.11 or above\nPlease upgrade to FortiNDR version 7.2.1 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-33302",
"datePublished": "2025-03-31T14:58:11.960Z",
"dateReserved": "2023-05-22T07:58:22.197Z",
"dateUpdated": "2025-03-31T15:30:12.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24008 (GCVE-0-2021-24008)
Vulnerability from cvelistv5 – Published: 2025-03-28 10:13 – Updated: 2025-03-28 13:39
VLAI
Summary
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.
Severity
CWE
- CWE-200 - Information disclosure
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiDDoS |
Affected:
5.4.0
Affected: 5.3.0 , ≤ 5.3.2 (semver) Affected: 5.2.0 Affected: 5.1.0 Affected: 5.0.0 Affected: 4.7.0 Affected: 4.6.0 Affected: 4.5.0 Affected: 4.4.0 , ≤ 4.4.2 (semver) cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiNDR |
Affected:
1.5.0 , ≤ 1.5.3
(semver)
Affected: 1.4.0 Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 |
|
| Fortinet | FortiDDoS-CM |
Affected:
5.3.0
Affected: 5.2.0 Affected: 5.1.0 Affected: 5.0.0 Affected: 4.7.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-24008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T13:38:44.887350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:39:11.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDDoS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.2",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.0"
},
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.6.0"
},
{
"status": "affected",
"version": "4.5.0"
},
{
"lessThanOrEqual": "4.4.2",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiDDoS-CM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.0"
},
{
"status": "affected",
"version": "4.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T10:13:32.120Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-20-105",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-105"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiMail versions 6.0.10 or above.\n\r\nPlease upgrade to FortiMail versions 6.2.5 or above.\n\r\nPlease upgrade to FortiMail versions 6.4.2 or above."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-24008",
"datePublished": "2025-03-28T10:13:32.120Z",
"dateReserved": "2021-01-13T21:23:47.335Z",
"dateUpdated": "2025-03-28T13:39:11.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47573 (GCVE-0-2024-47573)
Vulnerability from cvelistv5 – Published: 2025-03-14 15:04 – Updated: 2025-03-14 17:53
VLAI
Summary
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
Severity
CWE
- CWE-354 - Denial of service
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T17:53:14.212011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T17:53:27.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "Denial of service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:04:55.721Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-461",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-461"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNDR version 7.4.3 or above \nPlease upgrade to FortiNDR version 7.2.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-47573",
"datePublished": "2025-03-14T15:04:55.721Z",
"dateReserved": "2024-09-27T16:19:24.136Z",
"dateUpdated": "2025-03-14T17:53:27.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48790 (GCVE-0-2023-48790)
Vulnerability from cvelistv5 – Published: 2025-03-11 14:54 – Updated: 2025-03-11 16:05
VLAI
Summary
A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.
Severity
CWE
- CWE-352 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:03:35.954580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:05:58.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:31.599Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-353"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNDR version 7.4.1 or above \nPlease upgrade to FortiNDR version 7.2.2 or above \nPlease upgrade to FortiNDR version 7.1.2 or above \nPlease upgrade to FortiNDR version 7.0.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-48790",
"datePublished": "2025-03-11T14:54:31.599Z",
"dateReserved": "2023-11-19T19:58:38.554Z",
"dateUpdated": "2025-03-11T16:05:58.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202505-1884
Vulnerability from variot - Updated: 2025-11-18 15:22A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie. FortiMail , FortiNDR , FortiRecorder Multiple Fortinet products, including firmware, contain stack-based buffer overflow vulnerabilities and out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1884",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortivoice",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.11"
},
{
"model": "fortindr",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.1.0"
},
{
"model": "fortirecorder",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.6"
},
{
"model": "forticamera",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.1.0"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortirecorder",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.6"
},
{
"model": "fortindr",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.0"
},
{
"model": "fortivoice",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.7"
},
{
"model": "fortimail",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.3"
},
{
"model": "fortindr",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.5"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.0"
},
{
"model": "fortindr",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.2.0"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortimail",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.5"
},
{
"model": "fortindr",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.8"
},
{
"model": "fortindr",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.3.0"
},
{
"model": "fortivoice",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortimail",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.9"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "forticamera",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.1.5"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.0"
},
{
"model": "fortindr",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.7"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "forticamera",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.1.3"
},
{
"model": "fortindr",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortindr",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortindr",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.1.1"
},
{
"model": "fortivoice",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortimail",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.8"
},
{
"model": "fortindr",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.1.0"
},
{
"model": "fortindr",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.4.0"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "forticamera",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.0.0"
},
{
"model": "fortindr",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.0"
},
{
"model": "fortirecorder",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.4"
},
{
"model": "fortindr",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.5.0"
},
{
"model": "fortimail",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortivoice",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortirecorder",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "forticamera",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortindr",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005271"
},
{
"db": "NVD",
"id": "CVE-2025-32756"
}
]
},
"cve": "CVE-2025-32756",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-32756",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-32756",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@fortinet.com",
"id": "CVE-2025-32756",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-32756",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2025-32756",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005271"
},
{
"db": "NVD",
"id": "CVE-2025-32756"
},
{
"db": "NVD",
"id": "CVE-2025-32756"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie. FortiMail , FortiNDR , FortiRecorder Multiple Fortinet products, including firmware, contain stack-based buffer overflow vulnerabilities and out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-32756"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005271"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-32756",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005271",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005271"
},
{
"db": "NVD",
"id": "CVE-2025-32756"
}
]
},
"id": "VAR-202505-1884",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26984128
},
"last_update_date": "2025-11-18T15:22:40.188000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-25-254",
"trust": 0.8,
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005271"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005271"
},
{
"db": "NVD",
"id": "CVE-2025-32756"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2025-32756"
},
{
"trust": 1.0,
"url": "https://fortiguard.fortinet.com/psirt/fg-ir-25-254"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-32756"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005271"
},
{
"db": "NVD",
"id": "CVE-2025-32756"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005271"
},
{
"db": "NVD",
"id": "CVE-2025-32756"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-005271"
},
{
"date": "2025-05-13T15:15:57.113000",
"db": "NVD",
"id": "CVE-2025-32756"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-20T00:50:00",
"db": "JVNDB",
"id": "JVNDB-2025-005271"
},
{
"date": "2025-10-24T12:53:20.003000",
"db": "NVD",
"id": "CVE-2025-32756"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow vulnerability in multiple Fortinet products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005271"
}
],
"trust": 0.8
}
}
VAR-202112-0338
Vulnerability from variot - Updated: 2025-10-16 23:51A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0338",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortivoice",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.4"
},
{
"model": "fortiproxy",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.0.7"
},
{
"model": "fortivoice",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortiweb",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortimanager",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.7"
},
{
"model": "fortimanager",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortimanager",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortindr",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.1.0"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"model": "fortirecorder",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.10"
},
{
"model": "fortiswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.9"
},
{
"model": "fortiadc",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.0"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.6.0"
},
{
"model": "fortiadc",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.1.5"
},
{
"model": "fortiadc",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.2"
},
{
"model": "fortiswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortiswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortirecorder",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.2"
},
{
"model": "fortimail",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.2"
},
{
"model": "fortios",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.2"
},
{
"model": "fortiweb",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.3.16"
},
{
"model": "fortianalyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.2"
},
{
"model": "fortiweb",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"model": "fortios",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.13"
},
{
"model": "fortios",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.9"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.0"
},
{
"model": "fortivoice",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.10"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortimail",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.6"
},
{
"model": "fortios-6k7k",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.8"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortiproxy",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortios",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.7"
},
{
"model": "fortindr",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.5.2"
},
{
"model": "fortios-6k7k",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.2"
},
{
"model": "fortianalyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.7"
},
{
"model": "fortiweb",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.1"
},
{
"model": "fortiproxy",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.0.0"
},
{
"model": "fortimanager",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.2"
},
{
"model": "fortivoice",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"model": "fortiproxy",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.1"
},
{
"model": "fortimail",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.7"
},
{
"model": "fortianalyzer",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortianalyzer",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortiportal",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.10"
},
{
"model": "fortios-6k7k",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.6"
},
{
"model": "fortiportal",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"model": "fortiswitch",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.3"
},
{
"model": "fortiadc",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"model": "fortimanager",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortios",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortianalyzer",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiweb",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016008"
},
{
"db": "NVD",
"id": "CVE-2021-42757"
}
]
},
"cve": "CVE-2021-42757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42757",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-403819",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2021-42757",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-016008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42757",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2021-42757",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-42757",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-559",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-403819",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403819"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-559"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016008"
},
{
"db": "NVD",
"id": "CVE-2021-42757"
},
{
"db": "NVD",
"id": "CVE-2021-42757"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42757"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016008"
},
{
"db": "VULHUB",
"id": "VHN-403819"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42757",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016008",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-559",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-403819",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403819"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-559"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016008"
},
{
"db": "NVD",
"id": "CVE-2021-42757"
}
]
},
"id": "VAR-202112-0338",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-403819"
}
],
"trust": 0.36984128000000005
},
"last_update_date": "2025-10-16T23:51:10.317000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-21-173",
"trust": 0.8,
"url": "https://www.fortiguard.com/psirt/FG-IR-21-173"
},
{
"title": "Fortinet FortiOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173877"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-559"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403819"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016008"
},
{
"db": "NVD",
"id": "CVE-2021-42757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-21-173"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42757"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-tftp-client-library-37026"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403819"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-559"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016008"
},
{
"db": "NVD",
"id": "CVE-2021-42757"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-403819"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-559"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016008"
},
{
"db": "NVD",
"id": "CVE-2021-42757"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-403819"
},
{
"date": "2021-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-559"
},
{
"date": "2022-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016008"
},
{
"date": "2021-12-08T11:15:11.840000",
"db": "NVD",
"id": "CVE-2021-42757"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-403819"
},
{
"date": "2021-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-559"
},
{
"date": "2022-12-05T06:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-016008"
},
{
"date": "2025-10-16T10:15:36.230000",
"db": "NVD",
"id": "CVE-2021-42757"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-559"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiOS\u00a0 of \u00a0TFTP\u00a0 client library and \u00a0FortiOS\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016008"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-559"
}
],
"trust": 0.6
}
}
VAR-202510-0661
Vulnerability from variot - Updated: 2025-10-16 23:44A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, FortiOS 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, 6.0.0 through 6.0.18, FortiWeb 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.11, 7.0.0 through 7.0.11, 6.4.0 through 6.4.3, FortiRecorder 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiNDR 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.5, 7.1.0 through 7.1.1, 7.0.0 through 7.0.7, 1.5.0 through 1.5.3, FortiPAM 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiTester 7.4.0 through 7.4.2, 7.3.0 through 7.3.2, 7.2.0 through 7.2.3, 7.1.0 through 7.1.1, 7.0.0, 4.2.0 through 4.2.1, FortiProxy 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.21, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager 7.6.0 through 7.6.1, 7.4.1 through 7.4.3 allows attacker to disclose sensitive information via specially crafted packets.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202510-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortimanager",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.1"
},
{
"model": "fortimanager",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.2"
},
{
"model": "fortimail",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.7"
},
{
"model": "fortiproxy",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.0"
},
{
"model": "fortitester",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.3"
},
{
"model": "fortiweb",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortiproxy",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.5"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.0"
},
{
"model": "fortios",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.5"
},
{
"model": "fortimanager",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.0"
},
{
"model": "fortindr",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.0"
},
{
"model": "fortindr",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.2"
},
{
"model": "fortisase",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "24.3.20"
},
{
"model": "fortindr",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.5.0"
},
{
"model": "fortivoice",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.5"
},
{
"model": "fortivoice",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.10"
},
{
"model": "fortivoice",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.7"
},
{
"model": "fortiproxy",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.11"
},
{
"model": "fortirecorder",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.5"
},
{
"model": "fortiweb",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.5"
},
{
"model": "fortindr",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.9"
},
{
"model": "fortimanager cloud",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.1"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortimanager",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.4"
},
{
"model": "fortirecorder",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.2"
},
{
"model": "fortios",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.0"
},
{
"model": "fortitester",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "4.2.0"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortimail",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.3"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortios",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.9"
},
{
"model": "fortipam",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.3.1"
},
{
"model": "fortios",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.16"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortiproxy",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.0.0"
},
{
"model": "fortivoice",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortiweb",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.0"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortimanager cloud",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.4"
},
{
"model": "fortios",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.16"
},
{
"model": "fortipam",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.0.0"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47569"
}
]
},
"cve": "CVE-2024-47569",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-47569",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "psirt@fortinet.com",
"id": "CVE-2024-47569",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47569"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, FortiOS 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, 6.0.0 through 6.0.18, FortiWeb 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.11, 7.0.0 through 7.0.11, 6.4.0 through 6.4.3, FortiRecorder 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiNDR 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.5, 7.1.0 through 7.1.1, 7.0.0 through 7.0.7, 1.5.0 through 1.5.3, FortiPAM 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiTester 7.4.0 through 7.4.2, 7.3.0 through 7.3.2, 7.2.0 through 7.2.3, 7.1.0 through 7.1.1, 7.0.0, 4.2.0 through 4.2.1, FortiProxy 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.21, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager 7.6.0 through 7.6.1, 7.4.1 through 7.4.3 allows attacker to disclose sensitive information via specially crafted packets.",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47569"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-47569",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47569"
}
]
},
"id": "VAR-202510-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26984128
},
"last_update_date": "2025-10-16T23:44:36.377000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-201",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47569"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://fortiguard.fortinet.com/psirt/fg-ir-24-228"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-47569"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-47569"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-14T16:15:35.327000",
"db": "NVD",
"id": "CVE-2024-47569"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-15T17:36:57.413000",
"db": "NVD",
"id": "CVE-2024-47569"
}
]
}
}
VAR-202508-0742
Vulnerability from variot - Updated: 2025-08-17 23:41Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. FortiCamera firmware, FortiMail , FortiNDR Multiple Fortinet products, including the following, contain a relative path traversal vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202508-0742",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortirecorder",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.2"
},
{
"model": "fortimail",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.2"
},
{
"model": "fortivoice",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.5"
},
{
"model": "fortirecorder",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.5"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortindr",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.7"
},
{
"model": "fortivoice",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortivoice",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.10"
},
{
"model": "fortivoice",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "forticamera",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.0.0"
},
{
"model": "fortindr",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.2"
},
{
"model": "fortindr",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.0"
},
{
"model": "forticamera",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.1.4"
},
{
"model": "fortindr",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.0"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortimail",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.4"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.6.0"
},
{
"model": "fortivoice",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortindr",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "forticamera",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortimail",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortirecorder",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027173"
},
{
"db": "NVD",
"id": "CVE-2024-40588"
}
]
},
"cve": "CVE-2024-40588",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "psirt@fortinet.com",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2024-40588",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.4,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-027173",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@fortinet.com",
"id": "CVE-2024-40588",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-027173",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027173"
},
{
"db": "NVD",
"id": "CVE-2024-40588"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera \u0026 FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. FortiCamera firmware, FortiMail , FortiNDR Multiple Fortinet products, including the following, contain a relative path traversal vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-40588"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027173"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-40588",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-027173",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027173"
},
{
"db": "NVD",
"id": "CVE-2024-40588"
}
]
},
"id": "VAR-202508-0742",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26984128
},
"last_update_date": "2025-08-17T23:41:41.748000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-24-309",
"trust": 0.8,
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-23",
"trust": 1.0
},
{
"problemtype": "Relative past traversal (CWE-23) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027173"
},
{
"db": "NVD",
"id": "CVE-2024-40588"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://fortiguard.fortinet.com/psirt/fg-ir-24-309"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-40588"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027173"
},
{
"db": "NVD",
"id": "CVE-2024-40588"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027173"
},
{
"db": "NVD",
"id": "CVE-2024-40588"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-027173"
},
{
"date": "2025-08-12T19:15:27.397000",
"db": "NVD",
"id": "CVE-2024-40588"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-15T08:52:00",
"db": "JVNDB",
"id": "JVNDB-2024-027173"
},
{
"date": "2025-08-14T01:14:41.250000",
"db": "NVD",
"id": "CVE-2024-40588"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Relative Path Traversal Vulnerability in Multiple Fortinet Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-027173"
}
],
"trust": 0.8
}
}
VAR-202402-1155
Vulnerability from variot - Updated: 2025-02-22 23:38A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the Host header points to an arbitrary webserver. FortiADC , FortiAuthenticator , FortiDDoS Several Fortinet products, including the above, contain vulnerabilities that allow externally controlled access to resources in other areas.Information may be obtained and information may be tampered with
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202402-1155",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiddos-f",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.1.0"
},
{
"model": "fortiwlc",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.0"
},
{
"model": "fortiswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.5"
},
{
"model": "fortimail",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.4"
},
{
"model": "fortisoar",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.3.0"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortirecorder",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortiauthenticator",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.2"
},
{
"model": "fortiauthenticator",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortindr",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortiswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortiauthenticator",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.3.0"
},
{
"model": "fortiddos-f",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.3.4"
},
{
"model": "fortimail",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortiproxy",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortirecorder",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.11"
},
{
"model": "fortiproxy",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.0"
},
{
"model": "fortiauthenticator",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.3.4"
},
{
"model": "fortitester",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.2"
},
{
"model": "fortindr",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.1.1"
},
{
"model": "fortivoice",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.9"
},
{
"model": "fortivoice",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortios",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.5"
},
{
"model": "fortindr",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "1.4.0"
},
{
"model": "fortiadc",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.4"
},
{
"model": "fortirecorder",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.3"
},
{
"model": "fortiproxy",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.5"
},
{
"model": "fortiwlc",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "8.6.7"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.0"
},
{
"model": "fortiadc",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"model": "fortios",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.0.6"
},
{
"model": "fortisoar",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "fortitester",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "3.7.0"
},
{
"model": "fortiproxy",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "2.0.0"
},
{
"model": "fortiddos",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.3.0"
},
{
"model": "fortiddos",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.5.2"
},
{
"model": "fortios",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.0"
},
{
"model": "fortisoar",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiwlc",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortivoice",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortimail",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiadc",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortios",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiswitch",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "6.4.0 that\u0027s all 7.0.5"
},
{
"model": "fortiauthenticator",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortindr",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiddos",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiddos-f",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiproxy",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortitester",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortirecorder",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025638"
},
{
"db": "NVD",
"id": "CVE-2022-23439"
}
]
},
"cve": "CVE-2022-23439",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2022-23439",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2022-23439",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-23439",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@fortinet.com",
"id": "CVE-2022-23439",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-23439",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-23439",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025638"
},
{
"db": "NVD",
"id": "CVE-2022-23439"
},
{
"db": "NVD",
"id": "CVE-2022-23439"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver. FortiADC , FortiAuthenticator , FortiDDoS Several Fortinet products, including the above, contain vulnerabilities that allow externally controlled access to resources in other areas.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23439"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-025638"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23439",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-025638",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2022-23439",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23439"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-025638"
},
{
"db": "NVD",
"id": "CVE-2022-23439"
}
]
},
"id": "VAR-202402-1155",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.42976094
},
"last_update_date": "2025-02-22T23:38:28.822000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23439"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-610",
"trust": 1.0
},
{
"problemtype": "Externally controllable reference to another region resource (CWE-610) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025638"
},
{
"db": "NVD",
"id": "CVE-2022-23439"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://fortiguard.com/psirt/fg-ir-21-254"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23439"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23439"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-025638"
},
{
"db": "NVD",
"id": "CVE-2022-23439"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-23439"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-025638"
},
{
"db": "NVD",
"id": "CVE-2022-23439"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-025638"
},
{
"date": "2025-01-22T10:15:07.737000",
"db": "NVD",
"id": "CVE-2022-23439"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-18T08:41:00",
"db": "JVNDB",
"id": "JVNDB-2022-025638"
},
{
"date": "2025-02-12T13:39:42.107000",
"db": "NVD",
"id": "CVE-2022-23439"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Fortinet products are vulnerable to externally controlled access to resources in other domains",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-025638"
}
],
"trust": 0.8
}
}
CERTFR-2025-ALE-006
Vulnerability from certfr_alerte - Published: 2025-05-13 - Updated: 2025-06-24
Le 13 mai 2025, Fortinet a publié un avis de sécurité concernant la vulnérabilité CVE-2025-32756. Celle-ci permet à un attaquant non authentifié d'exécuter du code arbitraire à distance.
L'éditeur indique que cette vulnérabilité est activement exploitée. Les exploitations constatées jusqu'ici concernent les produits FortiVoice.
Fortinet fournit également des marqueurs de compromission à rechercher.
Solutions
Le CERT-FR recommande l'application des correctifs dans les plus brefs délais, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Si cela n'est pas possible, l'éditeur recommande de désactiver l'interface de gestion. Le CERT-FR rappelle que l'exposition d'une interface de gestion sur Internet est contraire aux bonnes pratiques.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.7 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.6 | ||
| Fortinet | FortiCamera | FortiCamera versions antérieures à 2.1.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.9 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2025-06-24",
"content": "## Solutions\n\nLe CERT-FR recommande l\u0027application des correctifs dans les plus brefs d\u00e9lais, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\n\n Si cela n\u0027est pas possible, l\u0027\u00e9diteur recommande de d\u00e9sactiver l\u0027interface de gestion. Le CERT-FR rappelle que l\u0027exposition d\u0027une interface de gestion sur Internet est contraire aux bonnes pratiques.",
"cves": [
{
"name": "CVE-2025-32756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
}
],
"initial_release_date": "2025-05-13T00:00:00",
"last_revision_date": "2025-06-24T00:00:00",
"links": [
{
"title": "Avis CERT-FR CERTFR-2025-AVI-0399 du 13 mai 2025",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0399/"
}
],
"reference": "CERTFR-2025-ALE-006",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-13T00:00:00.000000"
},
{
"description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2025-06-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Le 13 mai 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la vuln\u00e9rabilit\u00e9 CVE-2025-32756. Celle-ci permet \u00e0 un attaquant non authentifi\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e. Les exploitations constat\u00e9es jusqu\u0027ici concernent les produits FortiVoice.\n\nFortinet fournit \u00e9galement des marqueurs de compromission \u00e0 rechercher.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
}
]
}