Search criteria

129 vulnerabilities found for FortiPortal by Fortinet

CVE-2024-40593 (GCVE-0-2024-40593)

Vulnerability from nvd – Published: 2025-12-11 14:10 – Updated: 2025-12-11 15:59
VLAI?
Summary
A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.
Severity ?
5.9 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C
CWE
  • CWE-320 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.15 (semver)
    cpe:2.3:a:fortinet:fortiportal:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.5 (semver)
Affected: 7.0.0 , ≤ 7.0.15 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0
Affected: 7.4.4
Affected: 7.2.7
Affected: 7.0.14
    cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.5 (semver)
Affected: 7.0.0 , ≤ 7.0.15 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-11T14:46:49.254598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-11T14:48:01.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiportal:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.15",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.4.4"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate\u0027s private key via the device\u0027s admin shell."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-320",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-11T15:59:33.162Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-133",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-133"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiPortal version 7.0.0 or above\nUpgrade to FortiAnalyzer version 7.6.0 or above\nUpgrade to FortiAnalyzer version 7.4.3 or above\nUpgrade to FortiAnalyzer version 7.2.6 or above\nUpgrade to FortiOS version 7.6.1 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.8 or above\nUpgrade to FortiOS version 7.0.15 or above\nUpgrade to FortiManager version 7.4.3 or above\nUpgrade to FortiManager version 7.2.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-40593",
    "datePublished": "2025-12-11T14:10:08.880Z",
    "dateReserved": "2024-07-05T11:55:50.011Z",
    "dateUpdated": "2025-12-11T15:59:33.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54838 (GCVE-0-2025-54838)

Vulnerability from nvd – Published: 2025-12-09 17:18 – Updated: 2025-12-09 20:43
VLAI?
Summary
An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:X/RC:C
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0 , ≤ 7.4.5 (semver)
    cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54838",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T20:20:41.764169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T20:43:14.142Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:18:48.046Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-032",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-032"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiPortal version 7.4.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-54838",
    "datePublished": "2025-12-09T17:18:48.046Z",
    "dateReserved": "2025-07-31T08:07:23.557Z",
    "dateUpdated": "2025-12-09T20:43:14.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45329 (GCVE-0-2024-45329)

Vulnerability from nvd – Published: 2025-06-10 16:36 – Updated: 2025-06-10 19:40
VLAI?
Summary
A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests.
Severity ?
3.9 (Low)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE
  • CWE-639 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.5 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
    cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45329",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T19:30:20.665281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T19:40:21.931Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T16:36:06.068Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-45329",
    "datePublished": "2025-06-10T16:36:06.068Z",
    "dateReserved": "2024-08-27T06:43:07.250Z",
    "dateUpdated": "2025-06-10T19:40:21.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46777 (GCVE-0-2025-46777)

Vulnerability from nvd – Published: 2025-05-28 07:56 – Updated: 2025-05-28 13:30
VLAI?
Summary
A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.
Severity ?
2.2 (Low)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.5 (semver)
Affected: 7.0.0 , ≤ 7.0.9 (semver)
    cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T13:30:18.489150Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T13:30:23.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T07:56:03.616Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.2 or above \nPlease upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.10 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-46777",
    "datePublished": "2025-05-28T07:56:03.616Z",
    "dateReserved": "2025-04-29T08:42:13.449Z",
    "dateUpdated": "2025-05-28T13:30:23.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40590 (GCVE-0-2024-40590)

Vulnerability from nvd – Published: 2025-03-14 15:02 – Updated: 2025-03-14 18:02
VLAI?
Summary
An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.
Severity ?
4.4 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Affected: 6.0.0 , ≤ 6.0.15 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T18:02:26.893187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T18:02:38.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.15",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An\u00a0improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T15:02:47.500Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-155",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-155"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.5 or above \nPlease upgrade to FortiPortal version 7.0.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-40590",
    "datePublished": "2025-03-14T15:02:47.500Z",
    "dateReserved": "2024-07-05T11:55:50.011Z",
    "dateUpdated": "2025-03-14T18:02:38.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24470 (GCVE-0-2025-24470)

Vulnerability from nvd – Published: 2025-02-11 16:08 – Updated: 2025-02-11 16:43
VLAI?
Summary
An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.
Severity ?
8.1 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:X/RC:C
CWE
  • CWE-41 - Information disclosure
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.6 (semver)
Affected: 7.0.0 , ≤ 7.0.11 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24470",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T16:43:02.809120Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T16:43:10.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.6",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An\u00a0Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-41",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T16:08:58.707Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-015",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-015"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.3 or above \nPlease upgrade to FortiPortal version 7.2.7 or above \nPlease upgrade to FortiPortal version 7.0.12 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-24470",
    "datePublished": "2025-02-11T16:08:58.707Z",
    "dateReserved": "2025-01-21T20:48:07.886Z",
    "dateUpdated": "2025-02-11T16:43:10.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23439 (GCVE-0-2022-23439)

Vulnerability from nvd – Published: 2025-01-22 09:10 – Updated: 2025-01-22 14:21
VLAI?
Summary
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
Severity ?
4.1 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • CWE-610 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiTester Affected: 7.2.0 , ≤ 7.2.1 (semver)
Affected: 7.1.0 , ≤ 7.1.1 (semver)
Affected: 7.0.0
Affected: 4.2.0 , ≤ 4.2.1 (semver)
Affected: 4.1.0 , ≤ 4.1.1 (semver)
Affected: 4.0.0
Affected: 3.9.0 , ≤ 3.9.2 (semver)
Affected: 3.8.0
Affected: 3.7.0 , ≤ 3.7.1 (semver)
Affected: 3.6.0
Affected: 3.5.0 , ≤ 3.5.1 (semver)
Affected: 3.4.0
Affected: 3.3.0 , ≤ 3.3.1 (semver)
Create a notification for this product.
    Fortinet FortiOS Affected: 7.2.0
Affected: 7.0.0 , ≤ 7.0.5 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.16 (semver)
Affected: 6.0.0 , ≤ 6.0.18 (semver)
Affected: 6.4.0 , < 6.4.* (semver)
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiMail Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.2.0 , ≤ 6.2.9 (semver)
Affected: 6.0.0 , ≤ 6.0.12 (semver)
Affected: 5.4.0 , ≤ 5.4.12 (semver)
Affected: 7.2.0 , < 7.2.* (semver)
    cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSwitch Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 6.4.0 , ≤ 6.4.10 (semver)
Affected: 6.2.0 , ≤ 6.2.8 (semver)
Affected: 6.0.0 , ≤ 6.0.7 (semver)
    cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiDDoS-F Affected: 6.3.0 , ≤ 6.3.3 (semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver)
Affected: 6.1.0 , ≤ 6.1.5 (semver)
    cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiProxy Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 2.0.0 , ≤ 2.0.14 (semver)
Affected: 1.2.0 , ≤ 1.2.13 (semver)
Affected: 1.1.0 , ≤ 1.1.6 (semver)
Affected: 1.0.0 , ≤ 1.0.7 (semver)
Create a notification for this product.
    Fortinet FortiRecorder Affected: 6.4.0 , ≤ 6.4.2 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
Affected: 2.7.0 , ≤ 2.7.7 (semver)
Affected: 2.6.0 , ≤ 2.6.3 (semver)
    cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiNDR Affected: 7.2.0
Affected: 7.1.0
Affected: 7.0.0 , ≤ 7.0.6 (semver)
Affected: 1.5.0 , ≤ 1.5.3 (semver)
Affected: 1.4.0
Affected: 1.3.0 , ≤ 1.3.1 (semver)
Affected: 1.2.0
Affected: 1.1.0
Create a notification for this product.
    Fortinet FortiADC Affected: 7.0.0 , ≤ 7.0.1 (semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver)
Affected: 6.1.0 , ≤ 6.1.6 (semver)
Affected: 6.0.0 , ≤ 6.0.4 (semver)
Affected: 5.4.0 , ≤ 5.4.5 (semver)
Affected: 5.3.0 , ≤ 5.3.7 (semver)
Affected: 5.2.0 , ≤ 5.2.8 (semver)
Affected: 5.1.0 , ≤ 5.1.7 (semver)
Affected: 5.0.0 , ≤ 5.0.4 (semver)
    cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSOAR Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiVoice Affected: 7.0.0 , ≤ 7.0.1 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.0.0 , ≤ 6.0.11 (semver)
    cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiDDoS Affected: 5.5.0 , ≤ 5.5.1 (semver)
Affected: 5.4.0 , ≤ 5.4.3 (semver)
Affected: 5.3.0 , ≤ 5.3.2 (semver)
Affected: 5.2.0
Affected: 5.1.0
Affected: 5.0.0
Affected: 4.7.0
Affected: 4.6.0
Affected: 4.5.0
    cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiWLC Affected: 8.6.0 , ≤ 8.6.7 (semver)
Affected: 8.5.0 , ≤ 8.5.5 (semver)
Affected: 8.4.4 , ≤ 8.4.8 (semver)
Affected: 8.4.0 , ≤ 8.4.2 (semver)
    cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.9 (semver)
Create a notification for this product.
    Fortinet FortiAuthenticator Affected: 6.4.0 , ≤ 6.4.1 (semver)
Affected: 6.3.0 , ≤ 6.3.3 (semver)
Affected: 6.2.0 , ≤ 6.2.2 (semver)
Affected: 6.1.0 , ≤ 6.1.3 (semver)
Affected: 6.0.0 , ≤ 6.0.8 (semver)
Affected: 5.5.0
Affected: 5.4.0 , ≤ 5.4.1 (semver)
Affected: 5.3.0 , ≤ 5.3.1 (semver)
Affected: 5.2.0 , ≤ 5.2.2 (semver)
Affected: 5.1.0 , ≤ 5.1.2 (semver)
    cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-22T14:21:27.552014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-22T14:21:36.714Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiTester",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "4.2.1",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "lessThanOrEqual": "3.9.2",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.8.0"
            },
            {
              "lessThanOrEqual": "3.7.1",
              "status": "affected",
              "version": "3.7.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.6.0"
            },
            {
              "lessThanOrEqual": "3.5.1",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.16",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.4.*",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.12",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.2.*",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSwitch",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.8",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.7",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS-F",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.5",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.14",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.13",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.6",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.2",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.7.7",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.6.3",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiADC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.6",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.5",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.7",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.8",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.7",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.4",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.5.1",
              "status": "affected",
              "version": "5.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.3",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.2",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            },
            {
              "status": "affected",
              "version": "4.6.0"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiWLC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "8.6.7",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.5",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.2",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.9",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAuthenticator",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.2",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.3",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.8",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.5.0"
            },
            {
              "lessThanOrEqual": "5.4.1",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.1",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.2",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.2",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-22T09:10:28.669Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-21-254",
          "url": "https://fortiguard.com/psirt/FG-IR-21-254"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "FortiOS\nAdministrative Interface\nPlease upgrade to FortiOS version 7.0.6 and above,\nPlease upgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nPlease upgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter\u00a0interface (port 8008)\nPlease upgrade to FortiProxy version 7.4.0 or above\n\nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.11 or above \nPlease upgrade to FortiNDR version 7.4.0 or above\n\nFortiNDR\nPlease upgrade to FortiNDR version 7.2.1 or above\nPlease upgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set https-redirect-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\nend\n\nFortiADC\nPlease upgrade to FortiADC version 7.1.0 or above\nPlease upgrade to FortiADC version 7.0.2 or above\nPlease upgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nFortiDDOS-F\nPlease upgrade to FortiDDoS-F version 6.4.0 or above\nPlease upgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\" \n\nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiVoice version 7.0.2 or above\nPlease upgrade to FortiVoice version 6.4.9 or above\nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiWLC version 8.6.7 or above \nPlease upgrade to FortiAuthenticator version 6.4.2 or above \nPlease upgrade to FortiAuthenticator version 6.3.4 or above \nPlease upgrade to FortiDDoS version 5.6.0 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiSOAR version 7.3.0 or above \nPlease upgrade to FortiTester version 7.3.0 or above \nPlease upgrade to FortiTester version 7.2.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-23439",
    "datePublished": "2025-01-22T09:10:28.669Z",
    "dateReserved": "2022-01-19T07:38:03.512Z",
    "dateUpdated": "2025-01-22T14:21:36.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52967 (GCVE-0-2024-52967)

Vulnerability from nvd – Published: 2025-01-14 14:09 – Updated: 2025-01-14 20:54
VLAI?
Summary
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection.
Severity ?
3.3 (Low)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
CWE
  • CWE-80 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.14 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52967",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:15:02.667293Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T20:54:08.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.14",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:44.113Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-211",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-211"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 6.0.15 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-52967",
    "datePublished": "2025-01-14T14:09:44.113Z",
    "dateReserved": "2024-11-18T13:36:52.465Z",
    "dateUpdated": "2025-01-14T20:54:08.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35278 (GCVE-0-2024-35278)

Vulnerability from nvd – Published: 2025-01-14 14:09 – Updated: 2025-01-14 16:51
VLAI?
Summary
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request.
Severity ?
4.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C
CWE
  • CWE-89 - Information disclosure
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T16:51:08.147833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T16:51:29.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:45.115Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-086",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-086"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.0 or above \nPlease upgrade to FortiPortal version 7.2.5 or above \nPlease upgrade to FortiPortal version 7.0.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-35278",
    "datePublished": "2025-01-14T14:09:45.115Z",
    "dateReserved": "2024-05-14T21:15:19.190Z",
    "dateUpdated": "2025-01-14T16:51:29.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32589 (GCVE-0-2021-32589)

Vulnerability from nvd – Published: 2024-12-19 12:22 – Updated: 2024-12-20 21:55
VLAI?
Summary
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
Severity ?
7.7 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C
CWE
  • CWE-416 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiManager Affected: 7.0.0
Affected: 6.4.0 , ≤ 6.4.5 (semver)
Affected: 6.2.0 , ≤ 6.2.7 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
Affected: 5.6.0 , ≤ 5.6.10 (semver)
Affected: 5.4.0 , ≤ 5.4.7 (semver)
Affected: 5.2.0 , ≤ 5.2.10 (semver)
Affected: 5.0.0 , ≤ 5.0.12 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.0.0
Affected: 6.4.0 , ≤ 6.4.5 (semver)
Affected: 6.2.0 , ≤ 6.2.7 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
Affected: 5.6.0 , ≤ 5.6.10 (semver)
Affected: 5.4.0 , ≤ 5.4.7 (semver)
Affected: 5.3.11
Affected: 5.2.4 , ≤ 5.2.10 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.3.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.4:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T21:54:22.696432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-20T21:55:26.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "6.4.5",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.7",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.10",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.7",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.10",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.12",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.3.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "6.4.5",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.7",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.10",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.7",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.3.11"
            },
            {
              "lessThanOrEqual": "5.2.10",
              "status": "affected",
              "version": "5.2.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T16:13:18.521Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-067",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-067"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 6.0.6 or above \nPlease upgrade to FortiPortal version 5.3.7 or above \nPlease upgrade to FortiManager version 7.0.1 or above \nPlease upgrade to FortiManager version 6.4.6 or above \nPlease upgrade to FortiManager version 6.2.8 or above \nPlease upgrade to FortiManager version 6.0.11 or above \nPlease upgrade to FortiManager version 5.6.11 or above \nPlease upgrade to FortiAnalyzer version 7.0.1 or above \nPlease upgrade to FortiAnalyzer version 6.4.6 or above \nPlease upgrade to FortiAnalyzer version 6.2.8 or above \nPlease upgrade to FortiAnalyzer version 6.0.11 or above \nPlease upgrade to FortiAnalyzer version 5.6.11 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-32589",
    "datePublished": "2024-12-19T12:22:32.543Z",
    "dateReserved": "2021-05-11T21:19:05.181Z",
    "dateUpdated": "2024-12-20T21:55:26.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40593 (GCVE-0-2024-40593)

Vulnerability from cvelistv5 – Published: 2025-12-11 14:10 – Updated: 2025-12-11 15:59
VLAI?
Summary
A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.
Severity ?
5.9 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C
CWE
  • CWE-320 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.15 (semver)
    cpe:2.3:a:fortinet:fortiportal:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.5 (semver)
Affected: 7.0.0 , ≤ 7.0.15 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0
Affected: 7.4.4
Affected: 7.2.7
Affected: 7.0.14
    cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.5 (semver)
Affected: 7.0.0 , ≤ 7.0.15 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-11T14:46:49.254598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-11T14:48:01.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiportal:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.15",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.4.4"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate\u0027s private key via the device\u0027s admin shell."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-320",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-11T15:59:33.162Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-133",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-133"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiPortal version 7.0.0 or above\nUpgrade to FortiAnalyzer version 7.6.0 or above\nUpgrade to FortiAnalyzer version 7.4.3 or above\nUpgrade to FortiAnalyzer version 7.2.6 or above\nUpgrade to FortiOS version 7.6.1 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.8 or above\nUpgrade to FortiOS version 7.0.15 or above\nUpgrade to FortiManager version 7.4.3 or above\nUpgrade to FortiManager version 7.2.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-40593",
    "datePublished": "2025-12-11T14:10:08.880Z",
    "dateReserved": "2024-07-05T11:55:50.011Z",
    "dateUpdated": "2025-12-11T15:59:33.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54838 (GCVE-0-2025-54838)

Vulnerability from cvelistv5 – Published: 2025-12-09 17:18 – Updated: 2025-12-09 20:43
VLAI?
Summary
An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:X/RC:C
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0 , ≤ 7.4.5 (semver)
    cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54838",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T20:20:41.764169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T20:43:14.142Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:18:48.046Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-032",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-032"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiPortal version 7.4.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-54838",
    "datePublished": "2025-12-09T17:18:48.046Z",
    "dateReserved": "2025-07-31T08:07:23.557Z",
    "dateUpdated": "2025-12-09T20:43:14.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-45329 (GCVE-0-2024-45329)

Vulnerability from cvelistv5 – Published: 2025-06-10 16:36 – Updated: 2025-06-10 19:40
VLAI?
Summary
A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests.
Severity ?
3.9 (Low)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE
  • CWE-639 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.5 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
    cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45329",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T19:30:20.665281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T19:40:21.931Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T16:36:06.068Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-274"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-45329",
    "datePublished": "2025-06-10T16:36:06.068Z",
    "dateReserved": "2024-08-27T06:43:07.250Z",
    "dateUpdated": "2025-06-10T19:40:21.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46777 (GCVE-0-2025-46777)

Vulnerability from cvelistv5 – Published: 2025-05-28 07:56 – Updated: 2025-05-28 13:30
VLAI?
Summary
A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.
Severity ?
2.2 (Low)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.5 (semver)
Affected: 7.0.0 , ≤ 7.0.9 (semver)
    cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T13:30:18.489150Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T13:30:23.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T07:56:03.616Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.2 or above \nPlease upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.10 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-46777",
    "datePublished": "2025-05-28T07:56:03.616Z",
    "dateReserved": "2025-04-29T08:42:13.449Z",
    "dateUpdated": "2025-05-28T13:30:23.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40590 (GCVE-0-2024-40590)

Vulnerability from cvelistv5 – Published: 2025-03-14 15:02 – Updated: 2025-03-14 18:02
VLAI?
Summary
An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.
Severity ?
4.4 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Affected: 6.0.0 , ≤ 6.0.15 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T18:02:26.893187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T18:02:38.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.15",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An\u00a0improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T15:02:47.500Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-155",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-155"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.5 or above \nPlease upgrade to FortiPortal version 7.0.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-40590",
    "datePublished": "2025-03-14T15:02:47.500Z",
    "dateReserved": "2024-07-05T11:55:50.011Z",
    "dateUpdated": "2025-03-14T18:02:38.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24470 (GCVE-0-2025-24470)

Vulnerability from cvelistv5 – Published: 2025-02-11 16:08 – Updated: 2025-02-11 16:43
VLAI?
Summary
An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.
Severity ?
8.1 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:X/RC:C
CWE
  • CWE-41 - Information disclosure
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.6 (semver)
Affected: 7.0.0 , ≤ 7.0.11 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24470",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T16:43:02.809120Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T16:43:10.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.6",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An\u00a0Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-41",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T16:08:58.707Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-015",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-015"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.3 or above \nPlease upgrade to FortiPortal version 7.2.7 or above \nPlease upgrade to FortiPortal version 7.0.12 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-24470",
    "datePublished": "2025-02-11T16:08:58.707Z",
    "dateReserved": "2025-01-21T20:48:07.886Z",
    "dateUpdated": "2025-02-11T16:43:10.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23439 (GCVE-0-2022-23439)

Vulnerability from cvelistv5 – Published: 2025-01-22 09:10 – Updated: 2025-01-22 14:21
VLAI?
Summary
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
Severity ?
4.1 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • CWE-610 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiTester Affected: 7.2.0 , ≤ 7.2.1 (semver)
Affected: 7.1.0 , ≤ 7.1.1 (semver)
Affected: 7.0.0
Affected: 4.2.0 , ≤ 4.2.1 (semver)
Affected: 4.1.0 , ≤ 4.1.1 (semver)
Affected: 4.0.0
Affected: 3.9.0 , ≤ 3.9.2 (semver)
Affected: 3.8.0
Affected: 3.7.0 , ≤ 3.7.1 (semver)
Affected: 3.6.0
Affected: 3.5.0 , ≤ 3.5.1 (semver)
Affected: 3.4.0
Affected: 3.3.0 , ≤ 3.3.1 (semver)
Create a notification for this product.
    Fortinet FortiOS Affected: 7.2.0
Affected: 7.0.0 , ≤ 7.0.5 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.16 (semver)
Affected: 6.0.0 , ≤ 6.0.18 (semver)
Affected: 6.4.0 , < 6.4.* (semver)
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiMail Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.2.0 , ≤ 6.2.9 (semver)
Affected: 6.0.0 , ≤ 6.0.12 (semver)
Affected: 5.4.0 , ≤ 5.4.12 (semver)
Affected: 7.2.0 , < 7.2.* (semver)
    cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSwitch Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 6.4.0 , ≤ 6.4.10 (semver)
Affected: 6.2.0 , ≤ 6.2.8 (semver)
Affected: 6.0.0 , ≤ 6.0.7 (semver)
    cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiDDoS-F Affected: 6.3.0 , ≤ 6.3.3 (semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver)
Affected: 6.1.0 , ≤ 6.1.5 (semver)
    cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiProxy Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 2.0.0 , ≤ 2.0.14 (semver)
Affected: 1.2.0 , ≤ 1.2.13 (semver)
Affected: 1.1.0 , ≤ 1.1.6 (semver)
Affected: 1.0.0 , ≤ 1.0.7 (semver)
Create a notification for this product.
    Fortinet FortiRecorder Affected: 6.4.0 , ≤ 6.4.2 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
Affected: 2.7.0 , ≤ 2.7.7 (semver)
Affected: 2.6.0 , ≤ 2.6.3 (semver)
    cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiNDR Affected: 7.2.0
Affected: 7.1.0
Affected: 7.0.0 , ≤ 7.0.6 (semver)
Affected: 1.5.0 , ≤ 1.5.3 (semver)
Affected: 1.4.0
Affected: 1.3.0 , ≤ 1.3.1 (semver)
Affected: 1.2.0
Affected: 1.1.0
Create a notification for this product.
    Fortinet FortiADC Affected: 7.0.0 , ≤ 7.0.1 (semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver)
Affected: 6.1.0 , ≤ 6.1.6 (semver)
Affected: 6.0.0 , ≤ 6.0.4 (semver)
Affected: 5.4.0 , ≤ 5.4.5 (semver)
Affected: 5.3.0 , ≤ 5.3.7 (semver)
Affected: 5.2.0 , ≤ 5.2.8 (semver)
Affected: 5.1.0 , ≤ 5.1.7 (semver)
Affected: 5.0.0 , ≤ 5.0.4 (semver)
    cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSOAR Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiVoice Affected: 7.0.0 , ≤ 7.0.1 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.0.0 , ≤ 6.0.11 (semver)
    cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiDDoS Affected: 5.5.0 , ≤ 5.5.1 (semver)
Affected: 5.4.0 , ≤ 5.4.3 (semver)
Affected: 5.3.0 , ≤ 5.3.2 (semver)
Affected: 5.2.0
Affected: 5.1.0
Affected: 5.0.0
Affected: 4.7.0
Affected: 4.6.0
Affected: 4.5.0
    cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiWLC Affected: 8.6.0 , ≤ 8.6.7 (semver)
Affected: 8.5.0 , ≤ 8.5.5 (semver)
Affected: 8.4.4 , ≤ 8.4.8 (semver)
Affected: 8.4.0 , ≤ 8.4.2 (semver)
    cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.9 (semver)
Create a notification for this product.
    Fortinet FortiAuthenticator Affected: 6.4.0 , ≤ 6.4.1 (semver)
Affected: 6.3.0 , ≤ 6.3.3 (semver)
Affected: 6.2.0 , ≤ 6.2.2 (semver)
Affected: 6.1.0 , ≤ 6.1.3 (semver)
Affected: 6.0.0 , ≤ 6.0.8 (semver)
Affected: 5.5.0
Affected: 5.4.0 , ≤ 5.4.1 (semver)
Affected: 5.3.0 , ≤ 5.3.1 (semver)
Affected: 5.2.0 , ≤ 5.2.2 (semver)
Affected: 5.1.0 , ≤ 5.1.2 (semver)
    cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-22T14:21:27.552014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-22T14:21:36.714Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiTester",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "4.2.1",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "lessThanOrEqual": "3.9.2",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.8.0"
            },
            {
              "lessThanOrEqual": "3.7.1",
              "status": "affected",
              "version": "3.7.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.6.0"
            },
            {
              "lessThanOrEqual": "3.5.1",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.16",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.4.*",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.12",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.2.*",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSwitch",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.8",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.7",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS-F",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.5",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.14",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.13",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.6",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.2",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.7.7",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.6.3",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiADC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.6",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.5",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.7",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.8",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.7",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.4",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.5.1",
              "status": "affected",
              "version": "5.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.3",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.2",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            },
            {
              "status": "affected",
              "version": "4.6.0"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiWLC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "8.6.7",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.5",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.2",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.9",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAuthenticator",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.2",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.3",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.8",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.5.0"
            },
            {
              "lessThanOrEqual": "5.4.1",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.1",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.2",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.2",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-22T09:10:28.669Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-21-254",
          "url": "https://fortiguard.com/psirt/FG-IR-21-254"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "FortiOS\nAdministrative Interface\nPlease upgrade to FortiOS version 7.0.6 and above,\nPlease upgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nPlease upgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter\u00a0interface (port 8008)\nPlease upgrade to FortiProxy version 7.4.0 or above\n\nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.11 or above \nPlease upgrade to FortiNDR version 7.4.0 or above\n\nFortiNDR\nPlease upgrade to FortiNDR version 7.2.1 or above\nPlease upgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set https-redirect-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\nend\n\nFortiADC\nPlease upgrade to FortiADC version 7.1.0 or above\nPlease upgrade to FortiADC version 7.0.2 or above\nPlease upgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nFortiDDOS-F\nPlease upgrade to FortiDDoS-F version 6.4.0 or above\nPlease upgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\" \n\nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiVoice version 7.0.2 or above\nPlease upgrade to FortiVoice version 6.4.9 or above\nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiWLC version 8.6.7 or above \nPlease upgrade to FortiAuthenticator version 6.4.2 or above \nPlease upgrade to FortiAuthenticator version 6.3.4 or above \nPlease upgrade to FortiDDoS version 5.6.0 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiSOAR version 7.3.0 or above \nPlease upgrade to FortiTester version 7.3.0 or above \nPlease upgrade to FortiTester version 7.2.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-23439",
    "datePublished": "2025-01-22T09:10:28.669Z",
    "dateReserved": "2022-01-19T07:38:03.512Z",
    "dateUpdated": "2025-01-22T14:21:36.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35278 (GCVE-0-2024-35278)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-01-14 16:51
VLAI?
Summary
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request.
Severity ?
4.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C
CWE
  • CWE-89 - Information disclosure
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T16:51:08.147833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T16:51:29.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:45.115Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-086",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-086"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 7.4.0 or above \nPlease upgrade to FortiPortal version 7.2.5 or above \nPlease upgrade to FortiPortal version 7.0.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-35278",
    "datePublished": "2025-01-14T14:09:45.115Z",
    "dateReserved": "2024-05-14T21:15:19.190Z",
    "dateUpdated": "2025-01-14T16:51:29.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52967 (GCVE-0-2024-52967)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-01-14 20:54
VLAI?
Summary
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection.
Severity ?
3.3 (Low)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
CWE
  • CWE-80 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.14 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52967",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:15:02.667293Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T20:54:08.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.14",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:44.113Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-211",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-211"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 6.0.15 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-52967",
    "datePublished": "2025-01-14T14:09:44.113Z",
    "dateReserved": "2024-11-18T13:36:52.465Z",
    "dateUpdated": "2025-01-14T20:54:08.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2025-AVI-1084

Vulnerability from certfr_avis - Published: 2025-12-10 - Updated: 2025-12-10

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur précise que la version 24.2 de FortiSandbox Cloud sera publiée ultérieurement.

Impacted products
Vendor Product Description
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet FortiSOAR FortiSOAR PaaS versions antérieures à 7.5.2
Fortinet FortiVoice FortiVoice versions 7.2.x antérieures à 7.2.3
Fortinet FortiSOAR FortiSOAR PaaS versions 7.6.x antérieures à 7.6.3
Fortinet FortiSOAR FortiSOAR on-premise versions 7.6.x antérieures à 7.6.3
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.6
Fortinet N/A FortiExtender versions antérieures à 7.4.8
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.22
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.3
Fortinet FortiManager FortiManager versions antérieures à 7.2.6
Fortinet FortiSRA FortiSRA versions antérieures à 1.5.x
Fortinet FortiSandbox FortiSandbox versions 5.0.x antérieures à 5.0.3
Fortinet FortiPortal FortiPortal versions antérieures à 7.4.6
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.15
Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.7
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.9
Fortinet FortiWeb FortiWeb versions 7.2.x antérieures à 7.2.12
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.12
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.3
Fortinet FortiWeb FortiWeb versions 8.0.x antérieures à 8.0.2
Fortinet FortiSandbox FortiSandbox Cloud versions antérieures à 24.2
Fortinet N/A FortiExtender versions 7.6.x antérieures à 7.6.4
Fortinet FortiOS FortiOS versions antérieures à 7.0.18
Fortinet FortiSASE FortiSASE versions 24.1.x antérieures à 24.1.c
Fortinet FortiSandbox FortiSandbox versions 4.x antérieures à 4.4.8
Fortinet FortiWeb FortiWeb versions 7.0.x antérieures à 7.0.12
Fortinet FortiVoice FortiVoice versions antérieures à 7.0.8
Fortinet FortiSOAR FortiSOAR on-premise versions antérieures à 7.5.2
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.11
Fortinet FortiPAM FortiPAM versions antérieures à 1.5.x
Fortinet FortiAuthenticator FortiAuthenticator versions antérieures à 6.6.7
Fortinet FortiSwitch FortiSwitchManager versions 7.0.x antérieures à 7.0.6
Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.11
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR PaaS versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR PaaS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.22",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions ant\u00e9rieures \u00e0 1.5.x",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox Cloud versions ant\u00e9rieures \u00e0 24.2",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.18",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSASE versions 24.1.x ant\u00e9rieures \u00e0 24.1.c",
      "product": {
        "name": "FortiSASE",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.4.8",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.5.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.6.7",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que la version 24.2 de FortiSandbox Cloud sera publi\u00e9e ult\u00e9rieurement.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-60024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60024"
    },
    {
      "name": "CVE-2025-64153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64153"
    },
    {
      "name": "CVE-2025-57823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57823"
    },
    {
      "name": "CVE-2024-40593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40593"
    },
    {
      "name": "CVE-2025-53679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53679"
    },
    {
      "name": "CVE-2025-62631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62631"
    },
    {
      "name": "CVE-2025-54353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54353"
    },
    {
      "name": "CVE-2025-53949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53949"
    },
    {
      "name": "CVE-2025-59719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59719"
    },
    {
      "name": "CVE-2025-59810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59810"
    },
    {
      "name": "CVE-2025-64471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64471"
    },
    {
      "name": "CVE-2025-64447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64447"
    },
    {
      "name": "CVE-2024-47570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47570"
    },
    {
      "name": "CVE-2025-59808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59808"
    },
    {
      "name": "CVE-2025-54838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54838"
    },
    {
      "name": "CVE-2025-59923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59923"
    },
    {
      "name": "CVE-2025-64156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64156"
    },
    {
      "name": "CVE-2025-59718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59718"
    }
  ],
  "initial_release_date": "2025-12-10T00:00:00",
  "last_revision_date": "2025-12-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1084",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-411",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-411"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-479",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-479"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-268",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-268"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-362",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-362"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-599",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-599"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-133",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-133"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-616",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-616"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-812",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-812"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-739",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-739"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-984",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-984"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-945",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-945"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-477",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-477"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-647",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-647"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-601",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-601"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-454",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-454"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-032",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-032"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-554",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-554"
    }
  ]
}

CERTFR-2025-AVI-0496

Vulnerability from certfr_avis - Published: 2025-06-11 - Updated: 2025-06-11

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.9
Fortinet FortiProxy FortiProxy toutes versions 7.2.x
Fortinet FortiProxy FortiProxy toutes versions 1.1.x
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.9
Fortinet FortiPAM FortiPAM versions 1.4.x antérieures à 1.4.2
Fortinet FortiADC FortiADC toutes versions 7.0.x
Fortinet FortiClient FortiClientEMS versions 7.4.x antérieures à 7.4.3
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.2
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.2
Fortinet FortiClient FortiClientEMS versions 7.2.x antérieures à 7.2.7
Fortinet FortiOS FortiOS toutes versions 6.4.x
Fortinet FortiClient FortiClientWindows versions 7.4.x antérieures à 7.4.1
Fortinet FortiProxy FortiProxy toutes versions 1.2.x
Fortinet FortiADC FortiADC versions 7.2.x antérieures à 7.2.8
Fortinet FortiOS FortiOS toutes versions 7.0.x
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.7
Fortinet FortiOS FortiOS toutes versions 6.2.x
Fortinet FortiPAM FortiPAM versions 1.1.x antérieures à 1.1.3
Fortinet FortiPortal FortiPortal versions 7.4.x antérieures à 7.4.1
Fortinet FortiClient FortiClientWindows toutes versions 7.0.x
Fortinet FortiClient FortiClientEMS toutes versions 6.4.x
Fortinet FortiOS FortiOS toutes versions 7.2.x
Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.3
Fortinet FortiADC FortiADC versions 7.4.x antérieures à 7.4.7
Fortinet FortiADC FortiADC toutes versions 6.2.x
Fortinet FortiPAM FortiPAM versions 1.3.x antérieures à 1.3.1
Fortinet FortiADC FortiADC versions 7.1.x antérieures à 7.1.5
Fortinet FortiSRA FortiSRA versions 1.4.x antérieures à 1.4.2
Fortinet FortiProxy FortiProxy toutes versions 2.0.x
Fortinet FortiClient FortiClientWindows versions 7.2.x antérieures à 7.2.7
Fortinet FortiADC FortiADC toutes versions 6.1.x
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.8
Fortinet FortiProxy FortiProxy toutes versions 7.0.x
Fortinet FortiADC FortiADC versions 7.6.x antérieures à 7.6.2
Fortinet FortiPAM FortiPAM versions 1.2.x antérieures à 1.2.1
Fortinet FortiClient FortiClientEMS toutes versions 6.2.x
Fortinet FortiPAM FortiPAM versions 1.0.x antérieures à 1.0.4
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.6
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 7.2.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.1.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 7.0.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.4.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.2.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 7.0.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.2.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS toutes versions 6.4.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 7.2.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.2.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.3.x ant\u00e9rieures \u00e0 1.3.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 2.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.1.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 7.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.2.x ant\u00e9rieures \u00e0 1.2.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS toutes versions 6.2.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.0.x ant\u00e9rieures \u00e0 1.0.4",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-32119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32119"
    },
    {
      "name": "CVE-2023-48786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48786"
    },
    {
      "name": "CVE-2024-50562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50562"
    },
    {
      "name": "CVE-2025-22256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22256"
    },
    {
      "name": "CVE-2023-29184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29184"
    },
    {
      "name": "CVE-2024-54019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54019"
    },
    {
      "name": "CVE-2025-24471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24471"
    },
    {
      "name": "CVE-2025-31104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31104"
    },
    {
      "name": "CVE-2024-45329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45329"
    },
    {
      "name": "CVE-2024-50568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50568"
    },
    {
      "name": "CVE-2025-25250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25250"
    },
    {
      "name": "CVE-2025-22251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22251"
    },
    {
      "name": "CVE-2025-22254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22254"
    },
    {
      "name": "CVE-2025-22862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22862"
    }
  ],
  "initial_release_date": "2025-06-11T00:00:00",
  "last_revision_date": "2025-06-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0496",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-385",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-385"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-274",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-274"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-257",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-257"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-099",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-099"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-375",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-375"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-058",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-058"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-008",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-008"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-006",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-006"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-287",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-287"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-342",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-342"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-008",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-008"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-544",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-544"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-339",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-339"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-365",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-365"
    }
  ]
}

CERTFR-2025-AVI-0399

Vulnerability from certfr_avis - Published: 2025-05-13 - Updated: 2025-05-13

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiClient FortiClientMac versions 7.4.x antérieures à 7.4.3
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.10
Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.7
Fortinet FortiNDR FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5
Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.3
Fortinet FortiClientEMS FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3
Fortinet FortiRecorder FortiRecorder versions 7.0.x antérieures à 7.0.6
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.8
Fortinet FortiVoice FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.4
Fortinet FortiNDR FortiNDR versions antérieures à 7.0.7
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.8
Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet FortiClient FortiClientMac versions 7.x antérieures à 7.2.9
Fortinet FortiRecorder FortiRecorder versions 6.4.x antérieures à 6.4.6
Fortinet FortiClient FortiClientWindows versions 7.2.x antérieures à 7.2.2
Fortinet FortiCamera FortiCamera versions antérieures à 2.1.4
Fortinet FortiPortal FortiPortal versions 7.4.x antérieures à 7.4.2
Fortinet FortiClientEMS FortiClientEMS versions 7.4.x antérieures à 7.4.3
Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet FortiOS FortiOS versions antérieures à 7.0.15
Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet FortiVoice FortiVoiceUCDesktop versions antérieures à 7.0
Fortinet FortiVoice FortiVoice versions 6.4.x antérieures à 6.4.11
Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.8
Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.9
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.6
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
    },
    {
      "name": "CVE-2025-47294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
    },
    {
      "name": "CVE-2025-24473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
    },
    {
      "name": "CVE-2024-54020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
    },
    {
      "name": "CVE-2025-46777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
    },
    {
      "name": "CVE-2024-35281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
    },
    {
      "name": "CVE-2025-32756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
    },
    {
      "name": "CVE-2025-22252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
    },
    {
      "name": "CVE-2025-47295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
    },
    {
      "name": "CVE-2025-22859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
    }
  ],
  "initial_release_date": "2025-05-13T00:00:00",
  "last_revision_date": "2025-05-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0399",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
    }
  ]
}

CERTFR-2025-AVI-0120

Vulnerability from certfr_avis - Published: 2025-02-12 - Updated: 2025-02-12

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions antérieures à 7.0.16
Fortinet FortiPAM FortiPAM versions 1.1.x antérieures à 1.2.0
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.1
Fortinet FortiProxy FortiProxy versions antérieures à 7.0.14
Fortinet FortiWeb FortiWeb versions antérieures à 7.4.6
Fortinet FortiSwitch FortiSwitchManager versions 7.0.x antérieures à 7.0.3
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.3
Fortinet FortiAnalyzer FortiAnalyzer-BigData versions antérieures à 7.4.1
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.7
Fortinet FortiManager FortiManager Cloud versions antérieures à 7.2.9
Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.1
Fortinet FortiClient FortiClientWindows versions 7.4.x antérieures à 7.4.1
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.5
Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 7.2.8
Fortinet FortiManager FortiManager versions antérieures à 7.2.10
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.8
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.12
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.4.x antérieures à 7.4.4
Fortinet FortiSIEM FortiSIEM versions 6.7.x, 7.0.x et 7.1.x
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.8
Fortinet FortiClient FortiClientMac versions 7.4.x antérieures à 7.4.1
Fortinet FortiClient FortiClientMac versions 7.2.x antérieures à 7.2.5
Fortinet FortiSandbox FortiSandbox versions antérieures à 4.0.5
Fortinet FortiClient FortiClientMac versions 7.0.x antérieures à 7.0.13
Fortinet FortiPortal FortiPortal versions 7.4.x antérieures à 7.4.3
Fortinet FortiSandbox FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet FortiClient FortiClientWindows versions 7.2.x antérieures à 7.2.7
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet FortiManager FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions antérieures à 7.2.6
Fortinet FortiClient FortiClientWindows versions 7.0.x antérieures à 7.0.14
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50567"
    },
    {
      "name": "CVE-2024-40586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40586"
    },
    {
      "name": "CVE-2024-50569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50569"
    },
    {
      "name": "CVE-2023-40721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40721"
    },
    {
      "name": "CVE-2024-52968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52968"
    },
    {
      "name": "CVE-2024-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27781"
    },
    {
      "name": "CVE-2024-27780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27780"
    },
    {
      "name": "CVE-2024-36508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36508"
    },
    {
      "name": "CVE-2024-40585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40585"
    },
    {
      "name": "CVE-2025-24470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24470"
    },
    {
      "name": "CVE-2024-35279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35279"
    },
    {
      "name": "CVE-2024-40591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40591"
    },
    {
      "name": "CVE-2024-33504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33504"
    },
    {
      "name": "CVE-2024-40584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40584"
    },
    {
      "name": "CVE-2024-52966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52966"
    }
  ],
  "initial_release_date": "2025-02-12T00:00:00",
  "last_revision_date": "2025-02-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0120",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-438",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-438"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-220"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-261"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-324",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-324"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-094",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-094"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-302",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-302"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-160"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-300",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-300"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-147",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-147"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-063",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-063"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-279",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-279"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-311",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-311"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-422",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-422"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-015",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-015"
    }
  ]
}

CERTFR-2025-AVI-0031

Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiClient FortiClientMac versions antérieures à 7.2.5
Fortinet FortiDDoS-F FortiDDoS-F versions antérieures à 6.3.3
Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963
Fortinet FortiRecorder FortiRecorder versions antérieures à 7.0.5
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.13
Fortinet FortiSOAR FortiSOAR versions 7.4.x antérieures à 7.4.5
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiSOAR Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet FortiOS FortiOS versions antérieures à 7.0.16
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.9
Fortinet FortiWLC FortiWLC versions 8.6.x antérieures à 8.6.6
Fortinet FortiManager FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet FortiClient FortiClientEMS versions 7.4.x antérieures à 7.4.1
Fortinet FortiClient FortiClientEMS Cloud versions antérieures à 7.2.5
Fortinet FortiClient FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1
Fortinet FortiPortal FortiPortal versions 6.0.x antérieures à 6.0.15
Fortinet FortiClient FortiClientMac versions antérieures à 7.4.0
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet FortiMail FortiMail versions 6.4x antérieures à 6.4.8
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.13
Fortinet FortiVoiceEnterprise FortiVoiceEnterprise versions antérieures à 6.0.10
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet FortiWeb FortiWeb versions 7.2.x antérieures à 7.2.8
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet FortiSwitch FortiSwitch versions 7.4.x antérieures à 7.4.1
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.2
Fortinet FortiAP-W2 FortiAP-W2 versions antérieures à 7.2.4
Fortinet FortiClient FortiClientEMS versions antérieures à 7.2.5
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet FortiSwitch FortiSwitch versions 7.2.x antérieures à 7.2.6
Fortinet FortiDDoS FortiDDoS versions antérieures à 5.5.1
Fortinet FortiAP FortiAP versions antérieures à 7.2.4
Fortinet FortiSwitch FortiSwitch versions antérieures à 6.2.8
Fortinet FortiClient FortiClientWindows versions antérieures à 7.4.1
Fortinet FortiSOAR FortiSOAR versions antérieures à 7.2.2 Security Patch 9
Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6
Fortinet FortiDeceptor FortiDeceptor versions antérieures à 6.0.1
Fortinet FortiAP-S FortiAP-S versions antérieures à 6.4.10
Fortinet FortiVoiceEnterprise FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet FortiAuthenticator FortiAuthenticator versions antérieures à 6.3.3
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.5
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.19
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet FortiManager FortiManager Cloud versions antérieures à 7.0.13
Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet FortiAP FortiAP versions 7.4.x antérieures à 7.4.3
Fortinet FortiClient FortiClientLinux versions antérieures à 7.2.5
Fortinet FortiSwitch FortiSwitch versions 6.4.x antérieures à 6.4.14
Fortinet FortiNDR FortiNDR versions antérieures à 7.2.2
Fortinet FortiManager FortiManager versions 6.2.x antérieures à 6.2.12
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions antérieures à 7.0.12
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.3
Fortinet FortiProxy FortiProxy versions 2.0.x antérieures à 2.0.15
Fortinet FortiSOAR FortiSOAR versions 7.3.x antérieures à 7.3.3
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.6
Fortinet FortiClient FortiClientLinux versions antérieures à 7.4.0
Fortinet FortiSIEM FortiSIEM versions antérieures à 7.1.6
Fortinet FortiSandbox FortiSandbox versions antérieures à 4.0.5
Fortinet FortiAP-W2 FortiAP-W2 versions 7.4.x antérieures à 7.4.3
Fortinet FortiSandbox FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet FortiADC FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.6
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.8
Fortinet FortiTester FortiTester versions antérieures à 7.2.1
Fortinet FortiAnalyzer FortiAnalyzer versions 6.4.x antérieures à 6.4.15
Fortinet FortiAuthenticator FortiAuthenticator versions 6.4.x antérieures à 6.4.1
Fortinet FortiVoice FortiVoice versions antérieures à 6.4.10
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.12
Fortinet FortiSOAR FortiSOAR versions 7.5.x antérieures à 7.5.1
Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.7
References
Bulletin de sécurité Fortinet FG-IR-23-258 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-458 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-061 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-405 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-285 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-165 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-494 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-220 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-221 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-078 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-282 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-373 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-106 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-250 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-189 2025-01-15 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-401 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-239 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-097 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-260 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-170 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-259 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-143 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-476 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-415 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-461 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-266 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-407 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-086 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-465 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-222 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-219 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-210 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-211 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-267 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-010 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-473 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-216 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-326 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-135 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-152 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-304 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-164 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-310 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-405 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-127 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-381 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-091 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-417 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-293 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-071 2025-01-14 vendor-advisory

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiDDoS-F",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "FortiWLC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiAP-S",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
    },
    {
      "name": "CVE-2023-37931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
    },
    {
      "name": "CVE-2024-32115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
    },
    {
      "name": "CVE-2023-42786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
    },
    {
      "name": "CVE-2024-35280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
    },
    {
      "name": "CVE-2024-35273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
    },
    {
      "name": "CVE-2024-48884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
    },
    {
      "name": "CVE-2024-46666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
    },
    {
      "name": "CVE-2022-23439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
    },
    {
      "name": "CVE-2024-47571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
    },
    {
      "name": "CVE-2024-35275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
    },
    {
      "name": "CVE-2024-47573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
    },
    {
      "name": "CVE-2024-52963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
    },
    {
      "name": "CVE-2023-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
    },
    {
      "name": "CVE-2024-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
    },
    {
      "name": "CVE-2024-55593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
    },
    {
      "name": "CVE-2024-48885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
    },
    {
      "name": "CVE-2024-46662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
    },
    {
      "name": "CVE-2024-27778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
    },
    {
      "name": "CVE-2024-48893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
    },
    {
      "name": "CVE-2024-47566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
    },
    {
      "name": "CVE-2024-52969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
    },
    {
      "name": "CVE-2024-35276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
    },
    {
      "name": "CVE-2024-40587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
    },
    {
      "name": "CVE-2024-36512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
    },
    {
      "name": "CVE-2023-46715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
    },
    {
      "name": "CVE-2024-36510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
    },
    {
      "name": "CVE-2024-56497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
    },
    {
      "name": "CVE-2024-46665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
    },
    {
      "name": "CVE-2024-48890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
    },
    {
      "name": "CVE-2024-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
    },
    {
      "name": "CVE-2024-52967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
    },
    {
      "name": "CVE-2023-37936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
    },
    {
      "name": "CVE-2024-46668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
    },
    {
      "name": "CVE-2024-35278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
    },
    {
      "name": "CVE-2024-26012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
    },
    {
      "name": "CVE-2024-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
    },
    {
      "name": "CVE-2024-23106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
    },
    {
      "name": "CVE-2024-54021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
    },
    {
      "name": "CVE-2024-46669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
    },
    {
      "name": "CVE-2023-5217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
    },
    {
      "name": "CVE-2023-42785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
    },
    {
      "name": "CVE-2024-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
    },
    {
      "name": "CVE-2024-35277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2024-48886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
    },
    {
      "name": "CVE-2024-50564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
    },
    {
      "name": "CVE-2024-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
    },
    {
      "name": "CVE-2024-45331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
    },
    {
      "name": "CVE-2024-50563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
    },
    {
      "name": "CVE-2024-36506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
    },
    {
      "name": "CVE-2024-46667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
    },
    {
      "name": "CVE-2024-46670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
    },
    {
      "name": "CVE-2024-47572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
    }
  ],
  "initial_release_date": "2025-01-15T00:00:00",
  "last_revision_date": "2025-01-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0031",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
    },
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
    }
  ]
}

VAR-202112-0338

Vulnerability from variot - Updated: 2025-10-16 23:51

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0338",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortivoice",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.4"
      },
      {
        "model": "fortiproxy",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "2.0.7"
      },
      {
        "model": "fortivoice",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortindr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "1.1.0"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortirecorder",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.10"
      },
      {
        "model": "fortiswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.9"
      },
      {
        "model": "fortiadc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortirecorder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "2.6.0"
      },
      {
        "model": "fortiadc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.1.5"
      },
      {
        "model": "fortiadc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.2"
      },
      {
        "model": "fortiswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortiswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortirecorder",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.2"
      },
      {
        "model": "fortimail",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortiweb",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.3.16"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortiweb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.13"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortirecorder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortivoice",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.10"
      },
      {
        "model": "fortimail",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimail",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortios-6k7k",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortiproxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortindr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "1.5.2"
      },
      {
        "model": "fortios-6k7k",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.1"
      },
      {
        "model": "fortiproxy",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "1.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortivoice",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimail",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortiproxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimail",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimail",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortiportal",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.10"
      },
      {
        "model": "fortios-6k7k",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortiportal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortiswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortiadc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "cve": "CVE-2021-42757",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-42757",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-403819",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "id": "CVE-2021-42757",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-016008",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-42757",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-42757",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-42757",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-559",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-403819",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-42757",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-403819",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "id": "VAR-202112-0338",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      }
    ],
    "trust": 0.36984128000000005
  },
  "last_update_date": "2025-10-16T23:51:10.317000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-173",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/FG-IR-21-173"
      },
      {
        "title": "Fortinet FortiOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173877"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-21-173"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42757"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-tftp-client-library-37026"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "date": "2021-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "date": "2022-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "date": "2021-12-08T11:15:11.840000",
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "date": "2021-12-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "date": "2022-12-05T06:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "date": "2025-10-16T10:15:36.230000",
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiOS\u00a0 of \u00a0TFTP\u00a0 client library and \u00a0FortiOS\u00a0 Classic buffer overflow vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      }
    ],
    "trust": 0.6
  }
}

VAR-201705-3938

Vulnerability from variot - Updated: 2025-04-20 23:23

A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. Fortinet FortiPortal Contains an information disclosure vulnerability.Information may be obtained. FortiPortal is prone to the following multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restriction and perform unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. Versions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3938",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiportal",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0"
      },
      {
        "model": "fortiportal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1376"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7338"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fortinet:fortiportal",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Tredger, Senior Security Consultant, Aura Information Security",
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7338",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-7338",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-115541",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-7338",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7338",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7338",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-1376",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115541",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1376"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7338"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. Fortinet FortiPortal Contains an information disclosure vulnerability.Information may be obtained. FortiPortal is prone to the following multiple security vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary script code in   the browser of an unsuspecting user in the context of the affected   site, steal cookie-based authentication credentials, bypass security restriction and perform   unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. \nVersions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7338"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115541"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7338",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1376",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "98484",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-115541",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115541"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1376"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7338"
      }
    ]
  },
  "id": "VAR-201705-3938",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115541"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:23:26.434000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiPortal Multiple Vulnerabilities",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/FG-IR-17-114"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7338"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-17-114"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7338"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7338"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115541"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1376"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7338"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115541"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1376"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7338"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115541"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1376"
      },
      {
        "date": "2017-05-27T00:29:01.147000",
        "db": "NVD",
        "id": "CVE-2017-7338"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115541"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      },
      {
        "date": "2017-05-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1376"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-7338"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1376"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiPortal Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004225"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1376"
      }
    ],
    "trust": 0.6
  }
}

VAR-201705-4144

Vulnerability from variot - Updated: 2025-04-20 23:23

A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. Fortinet FortiPortal Contains a vulnerability related to the password management function.Information may be obtained. FortiPortal is prone to the following multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restriction and perform unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. Versions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-4144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiportal",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0"
      },
      {
        "model": "fortiportal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7731"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fortinet:fortiportal",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Tredger, Senior Security Consultant, Aura Information Security",
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7731",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-7731",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-115934",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-7731",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7731",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7731",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-1322",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115934",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7731"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. Fortinet FortiPortal Contains a vulnerability related to the password management function.Information may be obtained. FortiPortal is prone to the following multiple security vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary script code in   the browser of an unsuspecting user in the context of the affected   site, steal cookie-based authentication credentials, bypass security restriction and perform   unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. \nVersions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7731"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115934"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7731",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1322",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "98484",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-115934",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115934"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7731"
      }
    ]
  },
  "id": "VAR-201705-4144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115934"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:23:26.401000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiPortal Multiple Vulnerabilities",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/FG-IR-17-114"
      },
      {
        "title": "Fortinet FortiPortal Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70616"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-640",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115934"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7731"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-17-114"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7731"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7731"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115934"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7731"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115934"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7731"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115934"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "date": "2017-05-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      },
      {
        "date": "2017-05-27T00:29:01.270000",
        "db": "NVD",
        "id": "CVE-2017-7731"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115934"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      },
      {
        "date": "2017-05-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-7731"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiPortal Vulnerable to password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004228"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1322"
      }
    ],
    "trust": 0.6
  }
}

VAR-201705-3939

Vulnerability from variot - Updated: 2025-04-20 23:23

A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. Fortinet FortiPortal Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortiPortal is prone to the following multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restriction and perform unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. Versions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3939",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiportal",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0"
      },
      {
        "model": "fortiportal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1375"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fortinet:fortiportal",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Tredger, Senior Security Consultant, Aura Information Security",
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-7339",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-115542",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-7339",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7339",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7339",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-1375",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115542",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1375"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the \u0027Name\u0027 and \u0027Description\u0027 inputs in the \u0027Add Revision Backup\u0027 functionality. Fortinet FortiPortal Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortiPortal is prone to the following multiple security vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary script code in   the browser of an unsuspecting user in the context of the affected   site, steal cookie-based authentication credentials, bypass security restriction and perform   unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. \nVersions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115542"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7339",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1375",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "98484",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-115542",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115542"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1375"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7339"
      }
    ]
  },
  "id": "VAR-201705-3939",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115542"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:23:26.372000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiPortal Multiple Vulnerabilities",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/FG-IR-17-114"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-17-114"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7339"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7339"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115542"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1375"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115542"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1375"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115542"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1375"
      },
      {
        "date": "2017-05-27T00:29:01.190000",
        "db": "NVD",
        "id": "CVE-2017-7339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115542"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      },
      {
        "date": "2017-05-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1375"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-7339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1375"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiPortal Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004226"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1375"
      }
    ],
    "trust": 0.6
  }
}

VAR-201705-3937

Vulnerability from variot - Updated: 2025-04-20 23:23

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. Fortinet FortiPortal Contains an access control vulnerability.Information may be obtained and information may be altered. FortiPortal is prone to the following multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restriction and perform unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. Versions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services. An access control error vulnerability exists in Fortinet FortiPortal 4.0.0 and earlier versions

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3937",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiportal",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0"
      },
      {
        "model": "fortiportal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7337"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fortinet:fortiportal",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Tredger, Senior Security Consultant, Aura Information Security",
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7337",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-7337",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-115540",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-7337",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7337",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7337",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-1377",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115540",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115540"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7337"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user\u0027s stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. Fortinet FortiPortal Contains an access control vulnerability.Information may be obtained and information may be altered. FortiPortal is prone to the following multiple security vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary script code in   the browser of an unsuspecting user in the context of the affected   site, steal cookie-based authentication credentials, bypass security restriction and perform   unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. \nVersions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services. An access control error vulnerability exists in Fortinet FortiPortal 4.0.0 and earlier versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115540"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7337",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1377",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "98484",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-115540",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115540"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7337"
      }
    ]
  },
  "id": "VAR-201705-3937",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115540"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:23:26.340000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiPortal Multiple Vulnerabilities",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/FG-IR-17-114"
      },
      {
        "title": "Fortinet FortiPortal Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100386"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115540"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7337"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-17-114"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7337"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7337"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115540"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7337"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115540"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7337"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115540"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      },
      {
        "date": "2017-05-27T00:29:01.113000",
        "db": "NVD",
        "id": "CVE-2017-7337"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115540"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-7337"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiPortal Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004224"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1377"
      }
    ],
    "trust": 0.6
  }
}

VAR-201705-3940

Vulnerability from variot - Updated: 2025-04-20 23:23

An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. Fortinet FortiPortal Contains an open redirect vulnerability.Information may be obtained and information may be altered. FortiPortal is prone to the following multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restriction and perform unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. Versions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3940",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiportal",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0"
      },
      {
        "model": "fortiportal",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1371"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fortinet:fortiportal",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Tredger, Senior Security Consultant, Aura Information Security",
    "sources": [
      {
        "db": "BID",
        "id": "98484"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-7343",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-115546",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-7343",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7343",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7343",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-1371",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115546",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1371"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. Fortinet FortiPortal Contains an open redirect vulnerability.Information may be obtained and information may be altered. FortiPortal is prone to the following multiple security vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary script code in   the browser of an unsuspecting user in the context of the affected   site, steal cookie-based authentication credentials, bypass security restriction and perform   unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. \nVersions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115546"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7343",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1371",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "98484",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-115546",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115546"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1371"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7343"
      }
    ]
  },
  "id": "VAR-201705-3940",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115546"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:23:26.310000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiPortal Multiple Vulnerabilities",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/FG-IR-17-114"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-17-114"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7343"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7343"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115546"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1371"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115546"
      },
      {
        "db": "BID",
        "id": "98484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1371"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115546"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1371"
      },
      {
        "date": "2017-05-27T00:29:01.223000",
        "db": "NVD",
        "id": "CVE-2017-7343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115546"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98484"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      },
      {
        "date": "2017-05-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1371"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-7343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1371"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiPortal Open redirect vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004227"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1371"
      }
    ],
    "trust": 0.6
  }
}