Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
85 vulnerabilities found for FortiSIEM by Fortinet
CERTFR-2026-AVI-0265
Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Concernant la vulnérabilité CVE-2025-66178, l'éditeur fournit certaines recommandations dans l'attente de la version correctrice.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClientLinux versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.2.13 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.4.8 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.6.5 | ||
| Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.6.5 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiDeceptor | FortiDeceptor toutes versions antérieures à 6.2.1 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions antérieures à 7.6.5 | ||
| Fortinet | FortiSOAR | FortiSOAR Agent Communication Bridge versions antérieures à 1.1.1 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.6.7 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.3.x antérieures à 7.3.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 8.0.x antérieures à 8.0.4 | ||
| Fortinet | FortiRecorder | FortiRecorder toutes versions antérieures à 7.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions antérieures à 7.4.5 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiSwitch | FortiSwitchAXFixed versions 1.0.x antérieures à 1.0.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.6.5 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.9 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientLinux versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor toutes versions ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR Agent Communication Bridge versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.7",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder toutes versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchAXFixed versions 1.0.x ant\u00e9rieures \u00e0 1.0.2",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.6.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-30897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30897"
},
{
"name": "CVE-2025-53608",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53608"
},
{
"name": "CVE-2026-24017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24017"
},
{
"name": "CVE-2025-68648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68648"
},
{
"name": "CVE-2026-24640",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24640"
},
{
"name": "CVE-2026-22572",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22572"
},
{
"name": "CVE-2025-48418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48418"
},
{
"name": "CVE-2025-48840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48840"
},
{
"name": "CVE-2026-24641",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24641"
},
{
"name": "CVE-2026-22627",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22627"
},
{
"name": "CVE-2025-55717",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55717"
},
{
"name": "CVE-2026-24018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24018"
},
{
"name": "CVE-2025-54820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54820"
},
{
"name": "CVE-2025-49784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49784"
},
{
"name": "CVE-2026-22629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22629"
},
{
"name": "CVE-2025-66178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66178"
},
{
"name": "CVE-2026-25689",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25689"
},
{
"name": "CVE-2026-25972",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25972"
},
{
"name": "CVE-2025-54659",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54659"
},
{
"name": "CVE-2025-68482",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68482"
},
{
"name": "CVE-2026-22628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22628"
},
{
"name": "CVE-2026-25836",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25836"
}
],
"initial_release_date": "2026-03-11T00:00:00",
"last_revision_date": "2026-03-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0265",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nConcernant la vuln\u00e9rabilit\u00e9 CVE-2025-66178, l\u0027\u00e9diteur fournit certaines recommandations dans l\u0027attente de la version correctrice.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-078",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-078"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-096",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-096"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-098",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-098"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-080",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-080"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-088",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-088"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-094",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-094"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-092",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-092"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-090",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-090"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-081",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-081"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-095",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-095"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-093",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-093"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-083",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-083"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-087",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-087"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-079",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-079"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-086",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-086"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-077",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-077"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-082",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-082"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-097",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-097"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-085",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-085"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-091",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-091"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-089",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-089"
},
{
"published_at": "2026-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-084",
"url": "https://www.fortiguard.com/psirt/FG-IR-26-084"
}
]
}
CERTFR-2026-AVI-0035
Vulnerability from certfr_avis - Published: 2026-01-14 - Updated: 2026-01-14
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClientEMS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiSandbox | FortiSandbox toutes versions 4.0.x | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiClient | FortiClientEMS toutes versions 7.0.x | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.17 | ||
| Fortinet | FortiFone | FortiFone versions 3.0.x antérieures à 3.0.24 | ||
| Fortinet | FortiSandbox | FortiSandbox toutes versions 4.4.x | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 5.0.5 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.1.x antérieures à 7.1.9 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiSASE | FortiSASE versions 25.x antérieures à 25.2.c | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiClient | FortiClientEMS versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiFone | FortiFone versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.18 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSIEM | FortiSIEM toutes versions 6.7.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.3.x antérieures à 7.3.5 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiSandbox | FortiSandbox toutes versions 4.2.x | ||
| Fortinet | FortiSIEM | FortiSIEM toutes versions 7.0.x |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox toutes versions 4.0.x",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.17",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiFone versions 3.0.x ant\u00e9rieures \u00e0 3.0.24",
"product": {
"name": "FortiFone",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox toutes versions 4.4.x",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 5.0.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.9",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSASE versions 25.x ant\u00e9rieures \u00e0 25.2.c",
"product": {
"name": "FortiSASE",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiFone versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiFone",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.18",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM toutes versions 6.7.x",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox toutes versions 4.2.x",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM toutes versions 7.0.x",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58693"
},
{
"name": "CVE-2025-47855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47855"
},
{
"name": "CVE-2025-59922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59922"
},
{
"name": "CVE-2025-25249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25249"
},
{
"name": "CVE-2025-67685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67685"
},
{
"name": "CVE-2025-64155",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64155"
}
],
"initial_release_date": "2026-01-14T00:00:00",
"last_revision_date": "2026-01-14T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0035",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-783",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-783"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-778",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-778"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-084",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-084"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-260",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-260"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-735",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-735"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-772",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-772"
}
]
}
CERTFR-2025-AVI-0871
Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiDLP | FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x | ||
| Fortinet | FortiADC | FortiADC toutes versions 6.2.x et 7.0.x | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiTester | FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.0.7 à 6.0.12 | ||
| Fortinet | FortiClient | FortiClientMac toutes versions 7.0.x | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise toutes versions 7.3.x et 7.4.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiPAM | FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x | ||
| Fortinet | FortiSRA | FortiSRA versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiWeb | FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiDLP | FortiDLP versions 12.2.x et antérieures à 12.2.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiNDR | FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiManager | FortiManager Cloud toutes versions 6.4.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiSIEM | FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiSRA | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiClient | FortiClientWindows toutes versions 7.0.x | ||
| Fortinet | FortiIsolator | FortiIsolator versions 2.4.x antérieures à 2.4.5 | ||
| Fortinet | FortiTester | FortiTester version 7.4 antérieures à 7.4.3 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.10 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiOS | FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiIsolator | FortiIsolator toutes versions 2.3.x | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.5 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud toutes versions 6.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.14 | ||
| Fortinet | FortiManager | FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 6.2.x et 7.0.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud toutes versions 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester version 7.4 ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator toutes versions 2.3.x",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud toutes versions 6.4.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
},
{
"name": "CVE-2025-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
},
{
"name": "CVE-2025-31365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
},
{
"name": "CVE-2025-49201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
},
{
"name": "CVE-2025-54822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
},
{
"name": "CVE-2025-57741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
},
{
"name": "CVE-2025-58903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
},
{
"name": "CVE-2025-31514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
},
{
"name": "CVE-2025-25253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
},
{
"name": "CVE-2024-33507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
},
{
"name": "CVE-2025-25255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
},
{
"name": "CVE-2023-46718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
},
{
"name": "CVE-2025-47890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-26008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
},
{
"name": "CVE-2025-25252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
},
{
"name": "CVE-2024-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
},
{
"name": "CVE-2025-59921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
},
{
"name": "CVE-2025-53951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
},
{
"name": "CVE-2025-53950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
},
{
"name": "CVE-2025-58324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
},
{
"name": "CVE-2025-53845",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
},
{
"name": "CVE-2024-50571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
},
{
"name": "CVE-2025-46774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
},
{
"name": "CVE-2025-31366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
},
{
"name": "CVE-2025-57716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
},
{
"name": "CVE-2024-47569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
},
{
"name": "CVE-2025-22258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
},
{
"name": "CVE-2025-57740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
},
{
"name": "CVE-2025-54973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
},
{
"name": "CVE-2025-54658",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0871",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
}
]
}
CERTFR-2025-AVI-0679
Vulnerability from certfr_avis - Published: 2025-08-13 - Updated: 2025-08-13
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 7.0.5 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.4 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.1.x antérieures à 7.1.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.0.14 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.4.7 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.11 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.5.2 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.4.8 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiCamera | FortiCamera versions 2.1.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.4.3 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.2.10 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.3.x antérieures à 7.3.2 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.7.10 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiCamera | FortiCamera versions antérieures à 2.0.1 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.4.4 | ||
| Fortinet | FortiVoice | FortiVoice versions antérieures à 6.4.10 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.2 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.6.x antérieures à 7.6.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions 2.1.x toutes versions",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
},
{
"name": "CVE-2025-47857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
},
{
"name": "CVE-2025-32766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
},
{
"name": "CVE-2024-48892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
},
{
"name": "CVE-2025-53744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
},
{
"name": "CVE-2024-52964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
},
{
"name": "CVE-2025-49813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
},
{
"name": "CVE-2025-25256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
},
{
"name": "CVE-2025-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
},
{
"name": "CVE-2025-27759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
},
{
"name": "CVE-2025-32932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
},
{
"name": "CVE-2024-26009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
},
{
"name": "CVE-2024-40588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
},
{
"name": "CVE-2023-45584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
}
],
"initial_release_date": "2025-08-13T00:00:00",
"last_revision_date": "2025-08-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0679",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
}
]
}
CERTFR-2025-AVI-0197
Vulnerability from certfr_avis - Published: 2025-03-12 - Updated: 2025-03-12
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.4 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x antérieures à 7.1.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.20 | ||
| Fortinet | N/A | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.3.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.16 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.6 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.6.1 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 6.4.16 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiIsolator versions 2.4.x antérieures à 2.4.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.4.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-54026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
},
{
"name": "CVE-2024-45328",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
},
{
"name": "CVE-2024-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
},
{
"name": "CVE-2024-54018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
},
{
"name": "CVE-2024-54027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
},
{
"name": "CVE-2023-42784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
},
{
"name": "CVE-2023-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
},
{
"name": "CVE-2024-32123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
},
{
"name": "CVE-2024-55590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
},
{
"name": "CVE-2024-52960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
},
{
"name": "CVE-2023-40723",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
},
{
"name": "CVE-2023-37933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
},
{
"name": "CVE-2024-55597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
},
{
"name": "CVE-2024-55592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
},
{
"name": "CVE-2024-33501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
},
{
"name": "CVE-2024-52961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
},
{
"name": "CVE-2024-45324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
},
{
"name": "CVE-2024-55594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
}
],
"initial_release_date": "2025-03-12T00:00:00",
"last_revision_date": "2025-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0197",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
}
]
}
CERTFR-2025-AVI-0120
Vulnerability from certfr_avis - Published: 2025-02-12 - Updated: 2025-02-12
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.16 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.2.0 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.0.14 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.4.6 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions antérieures à 7.4.1 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.2.9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.10 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.12 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.7.x, 7.0.x et 7.1.x | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.0.5 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.2.x antérieures à 4.2.7 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions antérieures à 7.2.6 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.0.x antérieures à 7.0.14 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.2.0",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.7.x, 7.0.x et 7.1.x",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-50567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50567"
},
{
"name": "CVE-2024-40586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40586"
},
{
"name": "CVE-2024-50569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50569"
},
{
"name": "CVE-2023-40721",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40721"
},
{
"name": "CVE-2024-52968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52968"
},
{
"name": "CVE-2024-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27781"
},
{
"name": "CVE-2024-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27780"
},
{
"name": "CVE-2024-36508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36508"
},
{
"name": "CVE-2024-40585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40585"
},
{
"name": "CVE-2025-24470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24470"
},
{
"name": "CVE-2024-35279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35279"
},
{
"name": "CVE-2024-40591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40591"
},
{
"name": "CVE-2024-33504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33504"
},
{
"name": "CVE-2024-40584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40584"
},
{
"name": "CVE-2024-52966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52966"
}
],
"initial_release_date": "2025-02-12T00:00:00",
"last_revision_date": "2025-02-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0120",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-438",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-438"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-220",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-220"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-261",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-261"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-324",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-324"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-094",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-094"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-302",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-302"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-160",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-160"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-300",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-300"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-147",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-147"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-063",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-063"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-279",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-279"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-311",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-311"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-422",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-422"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-015",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-015"
}
]
}
CERTFR-2025-AVI-0031
Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClientMac versions antérieures à 7.2.5 | ||
| Fortinet | FortiDDoS-F | FortiDDoS-F versions antérieures à 6.3.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 7.0.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiSOAR | Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.16 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiWLC | FortiWLC versions 8.6.x antérieures à 8.6.6 | ||
| Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiClient | FortiClientEMS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiClient | FortiClientEMS Cloud versions antérieures à 7.2.5 | ||
| Fortinet | FortiClient | FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiPortal | FortiPortal versions 6.0.x antérieures à 6.0.15 | ||
| Fortinet | FortiClient | FortiClientMac versions antérieures à 7.4.0 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiMail | FortiMail versions 6.4x antérieures à 6.4.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiVoiceEnterprise | FortiVoiceEnterprise versions antérieures à 6.0.10 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiAP-W2 | FortiAP-W2 versions antérieures à 7.2.4 | ||
| Fortinet | FortiClient | FortiClientEMS versions antérieures à 7.2.5 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiDDoS | FortiDDoS versions antérieures à 5.5.1 | ||
| Fortinet | FortiAP | FortiAP versions antérieures à 7.2.4 | ||
| Fortinet | FortiSwitch | FortiSwitch versions antérieures à 6.2.8 | ||
| Fortinet | FortiClient | FortiClientWindows versions antérieures à 7.4.1 | ||
| Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.2.2 Security Patch 9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions antérieures à 6.0.1 | ||
| Fortinet | FortiAP-S | FortiAP-S versions antérieures à 6.4.10 | ||
| Fortinet | FortiVoiceEnterprise | FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions antérieures à 6.3.3 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.19 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.0.13 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.5 | ||
| Fortinet | FortiAP | FortiAP versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.2.5 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.14 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.2.2 | ||
| Fortinet | FortiManager | FortiManager versions 6.2.x antérieures à 6.2.12 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions antérieures à 7.0.12 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.15 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.3.x antérieures à 7.3.3 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.4.0 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.1.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.0.5 | ||
| Fortinet | FortiAP-W2 | FortiAP-W2 versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.2.x antérieures à 4.2.7 | ||
| Fortinet | FortiADC | FortiADC versions 6.2.x antérieures à 6.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiTester | FortiTester versions antérieures à 7.2.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions 6.4.x antérieures à 6.4.1 | ||
| Fortinet | FortiVoice | FortiVoice versions antérieures à 6.4.10 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.5.x antérieures à 7.5.1 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.7 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
"product": {
"name": "FortiDDoS-F",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "FortiWLC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
"product": {
"name": "FortiVoiceEnterprise",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAP-W2",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiAP-S",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
"product": {
"name": "FortiVoiceEnterprise",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiAP-W2",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
},
{
"name": "CVE-2023-37931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
},
{
"name": "CVE-2024-32115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
},
{
"name": "CVE-2023-42786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
},
{
"name": "CVE-2024-35280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
},
{
"name": "CVE-2024-35273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
},
{
"name": "CVE-2024-48884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
},
{
"name": "CVE-2024-46666",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
},
{
"name": "CVE-2022-23439",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
},
{
"name": "CVE-2024-47571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
},
{
"name": "CVE-2024-35275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
},
{
"name": "CVE-2024-47573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
},
{
"name": "CVE-2024-52963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
},
{
"name": "CVE-2023-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
},
{
"name": "CVE-2024-33503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
},
{
"name": "CVE-2024-55593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
},
{
"name": "CVE-2024-48885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
},
{
"name": "CVE-2024-46662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
},
{
"name": "CVE-2024-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
},
{
"name": "CVE-2024-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
},
{
"name": "CVE-2024-47566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
},
{
"name": "CVE-2024-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
},
{
"name": "CVE-2024-35276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
},
{
"name": "CVE-2024-40587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
},
{
"name": "CVE-2024-36512",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
},
{
"name": "CVE-2023-46715",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
},
{
"name": "CVE-2024-36510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
},
{
"name": "CVE-2024-56497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
},
{
"name": "CVE-2024-46665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
},
{
"name": "CVE-2024-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
},
{
"name": "CVE-2024-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
},
{
"name": "CVE-2024-52967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
},
{
"name": "CVE-2023-37936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
},
{
"name": "CVE-2024-46668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
},
{
"name": "CVE-2024-35278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
},
{
"name": "CVE-2024-26012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
},
{
"name": "CVE-2024-46664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
},
{
"name": "CVE-2024-23106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
},
{
"name": "CVE-2024-54021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
},
{
"name": "CVE-2024-46669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
},
{
"name": "CVE-2023-5217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
},
{
"name": "CVE-2023-42785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
},
{
"name": "CVE-2024-36504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
},
{
"name": "CVE-2024-35277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2024-48886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
},
{
"name": "CVE-2024-50564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
},
{
"name": "CVE-2024-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
},
{
"name": "CVE-2024-45331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
},
{
"name": "CVE-2024-50563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
},
{
"name": "CVE-2024-36506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
},
{
"name": "CVE-2024-46667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
},
{
"name": "CVE-2024-46670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
},
{
"name": "CVE-2024-47572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
}
],
"initial_release_date": "2025-01-15T00:00:00",
"last_revision_date": "2025-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0031",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
},
{
"published_at": "2025-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
}
]
}
CVE-2026-25972 (GCVE-0-2026-25972)
Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-12 14:28
VLAI?
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.4.0
Affected: 7.3.0 , ≤ 7.3.4 (semver) cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:27:55.325451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:28:02.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.3.4",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:44:19.432Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-077",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-077"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSIEM version 7.5.0 or above\nUpgrade to FortiSIEM version 7.4.1 or above\nUpgrade to FortiSIEM version 7.3.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-25972",
"datePublished": "2026-03-10T16:44:19.432Z",
"dateReserved": "2026-02-09T17:14:29.451Z",
"dateUpdated": "2026-03-12T14:28:02.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64155 (GCVE-0-2025-64155)
Vulnerability from nvd – Published: 2026-01-13 16:32 – Updated: 2026-02-26 15:04
VLAI?
Summary
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
Severity ?
9.4 (Critical)
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.4.0
Affected: 7.3.0 , ≤ 7.3.4 (semver) Affected: 7.2.6 Affected: 7.1.8 Affected: 7.0.4 Affected: 6.7.10 cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64155",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T04:57:28.543992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:42.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/horizon3ai/CVE-2025-64155"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/purehate/CVE-2025-64155-hunter"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.3.4",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.2.6"
},
{
"status": "affected",
"version": "7.1.8"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "6.7.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:16:05.278Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-772",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-772"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSIEM version 7.5.0 or above\nUpgrade to FortiSIEM version 7.4.1 or above\nUpgrade to FortiSIEM version 7.3.5 or above\nUpgrade to FortiSIEM version 7.2.7 or above\nUpgrade to FortiSIEM version 7.1.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-64155",
"datePublished": "2026-01-13T16:32:28.665Z",
"dateReserved": "2025-10-28T12:26:50.750Z",
"dateUpdated": "2026-02-26T15:04:42.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58324 (GCVE-0-2025-58324)
Vulnerability from nvd – Published: 2025-10-14 15:22 – Updated: 2026-02-26 17:47
VLAI?
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.2.0 , ≤ 7.2.2
(semver)
Affected: 7.1.0 , ≤ 7.1.9 (semver) Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 6.7.0 , ≤ 6.7.10 (semver) Affected: 6.6.0 , ≤ 6.6.5 (semver) Affected: 6.5.0 , ≤ 6.5.3 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) cpe:2.3:a:fortinet:fortisiem:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T03:57:08.435168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:36.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisiem:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.9",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.10",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:15:46.221Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-280",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-280"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSIEM version 7.3.0 or above\nUpgrade to FortiSIEM version 7.2.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-58324",
"datePublished": "2025-10-14T15:22:35.310Z",
"dateReserved": "2025-08-28T09:14:58.078Z",
"dateUpdated": "2026-02-26T17:47:36.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25256 (GCVE-0-2025-25256)
Vulnerability from nvd – Published: 2025-08-12 18:59 – Updated: 2026-02-26 17:48
VLAI?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.3.0 , ≤ 7.3.1
(semver)
Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.7 (semver) Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.7.0 , ≤ 6.7.9 (semver) Affected: 6.6.0 , ≤ 6.6.5 (semver) Affected: 6.5.0 , ≤ 6.5.3 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) Affected: 6.1.0 , ≤ 6.1.2 (semver) Affected: 5.4.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25256",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-16T03:55:47.686767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:59.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256"
},
{
"tags": [
"technical-description"
],
"url": "https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-13T20:12:32.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.theregister.com/2025/08/13/fortinet_discloses_critical_bug/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.3.1",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T18:59:14.863Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-152",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-152"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.4.0 or above \nPlease upgrade to FortiSIEM version 7.3.2 or above \nPlease upgrade to FortiSIEM version 7.2.6 or above \nPlease upgrade to FortiSIEM version 7.1.8 or above \nPlease upgrade to FortiSIEM version 7.0.4 or above \nPlease upgrade to FortiSIEM version 6.7.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-25256",
"datePublished": "2025-08-12T18:59:14.863Z",
"dateReserved": "2025-02-05T13:31:18.867Z",
"dateUpdated": "2026-02-26T17:48:59.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40714 (GCVE-0-2023-40714)
Vulnerability from nvd – Published: 2025-04-02 08:06 – Updated: 2025-04-02 16:16
VLAI?
Summary
A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements
Severity ?
9.7 (Critical)
CWE
- CWE-23 - Escalation of privilege
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T16:14:52.268463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T16:16:37.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"lessThanOrEqual": "6.7.2",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.3",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T08:06:48.075Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-085",
"url": "https://fortiguard.com/psirt/FG-IR-23-085"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.0.1 or above\nPlease upgrade to FortiSIEM version 6.7.4 or above\nPlease upgrade to FortiSIEM version 6.6.4 or above\nPlease upgrade to FortiSIEM version 6.5.2 or above\nPlease upgrade to FortiSIEM version 6.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-40714",
"datePublished": "2025-04-02T08:06:48.075Z",
"dateReserved": "2023-08-21T09:03:44.315Z",
"dateUpdated": "2025-04-02T16:16:37.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17659 (GCVE-0-2019-17659)
Vulnerability from nvd – Published: 2025-03-17 13:06 – Updated: 2025-03-17 13:35
VLAI?
Summary
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.
Severity ?
CWE
- CWE-798 - Improper access control
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-17659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T13:35:01.135210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T13:35:08.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user \"tunneluser\" by leveraging knowledge of the private key from another installation or a firmware image."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T13:06:07.828Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-19-296",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-19-296"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 5.2.7 and above where this issue is resolved. \r\nWorkaround (for FortiSIEM version 5.2.6 and lower): \r\nCustomers who are not using the reverse tunnel feature are advised to disable SSH service on port 19999 by following the steps below :\r\n1. SSH to the Supervisor node as the root user.\r\n2. Remove tunneluser SSH configuration file to disable listening on port 19999:\r\nrm -f /etc/ssh/sshd_config.tunneluser\r\necho rm -f /etc/ssh/sshd_config.tunneluser \u003e\u003e /etc/init.d/phProvision.sh\r\n3. Then terminate sshd running on TCP Port 19999 as follows:\r\npkill -f /usr/sbin/sshd -p 19999\r\n4.Additional steps can be performed on Supervisor to remove the keys associated with tunneluser account:\r\nrm -f /opt/phoenix/deployment/id_rsa.pub.tunneluser\r\nrm -f /home/tunneluser/.ssh/authorized_keys\r\nrm -f /opt/phoenix/id_rsa.tunneluser ~admin/.ssh/id_rsa\r\nCustomers are also advised to disable \"tunneluser\" SSH access on port 22 by following the steps bwlow:\r\n1. SSH to the Supervisor node as the root user.\r\n2. Add/edit the following line in sshd_config file: \r\necho DenyUsers tunneluser \u003e\u003e /etc/ssh/sshd_config\r\n3. service sshd restart"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-17659",
"datePublished": "2025-03-17T13:06:07.828Z",
"dateReserved": "2019-10-16T00:00:00.000Z",
"dateUpdated": "2025-03-17T13:35:08.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55592 (GCVE-0-2024-55592)
Vulnerability from nvd – Published: 2025-03-11 14:54 – Updated: 2025-03-11 16:07
VLAI?
Summary
An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests.
Severity ?
CWE
- CWE-863 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.2.0 , ≤ 7.2.5
(semver)
Affected: 7.1.0 , ≤ 7.1.7 (semver) Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.7.0 , ≤ 6.7.9 (semver) Affected: 6.6.0 , ≤ 6.6.5 (semver) Affected: 6.5.0 , ≤ 6.5.3 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) Affected: 6.1.0 , ≤ 6.1.2 (semver) Affected: 5.4.0 Affected: 5.3.0 , ≤ 5.3.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:06:54.927466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:07:03.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:29.067Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-377",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-377"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.3.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-55592",
"datePublished": "2025-03-11T14:54:29.067Z",
"dateReserved": "2024-12-09T11:19:49.470Z",
"dateUpdated": "2025-03-11T16:07:03.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40723 (GCVE-0-2023-40723)
Vulnerability from nvd – Published: 2025-03-11 14:54 – Updated: 2026-02-26 19:09
VLAI?
Summary
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request.
Severity ?
CWE
- CWE-200 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
6.7.0 , ≤ 6.7.4
(semver)
Affected: 6.6.0 , ≤ 6.6.3 (semver) Affected: 6.5.0 , ≤ 6.5.1 (semver) Affected: 6.4.0 , ≤ 6.4.2 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) Affected: 6.1.0 , ≤ 6.1.2 (semver) Affected: 5.4.0 Affected: 5.3.0 , ≤ 5.3.3 (semver) Affected: 5.2.5 , ≤ 5.2.8 (semver) Affected: 5.2.1 , ≤ 5.2.2 (semver) Affected: 5.1.0 , ≤ 5.1.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T04:00:50.664894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:41.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.7.4",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.3",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.8",
"status": "affected",
"version": "5.2.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.2",
"status": "affected",
"version": "5.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.3",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:28.770Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-117",
"url": "https://fortiguard.com/psirt/FG-IR-23-117"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.0.2 or above \nPlease upgrade to FortiSIEM version 7.0.0 or above \nPlease upgrade to FortiSIEM version 6.7.5 or above \nPlease upgrade to FortiSIEM version 6.6.4 or above \nPlease upgrade to FortiSIEM version 6.5.2 or above \nPlease upgrade to FortiSIEM version 6.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-40723",
"datePublished": "2025-03-11T14:54:28.770Z",
"dateReserved": "2023-08-21T09:03:44.316Z",
"dateUpdated": "2026-02-26T19:09:41.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27780 (GCVE-0-2024-27780)
Vulnerability from nvd – Published: 2025-02-11 16:09 – Updated: 2025-02-12 15:40
VLAI?
Summary
Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:34:35.441554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:40:18.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple\u00a0Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page\u00a0may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:09:12.668Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-324",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-324"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.3.0 or above \nPlease upgrade to FortiSIEM version 7.2.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-27780",
"datePublished": "2025-02-11T16:09:12.668Z",
"dateReserved": "2024-02-26T14:46:31.334Z",
"dateUpdated": "2025-02-12T15:40:18.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52969 (GCVE-0-2024-52969)
Vulnerability from nvd – Published: 2025-01-14 14:08 – Updated: 2025-01-14 20:55
VLAI?
Summary
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests.
Severity ?
CWE
- CWE-89 - Information disclosure
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:15:11.758765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T20:55:36.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:08:59.640Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-417",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-417"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.2.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-52969",
"datePublished": "2025-01-14T14:08:59.640Z",
"dateReserved": "2024-11-18T13:36:52.466Z",
"dateUpdated": "2025-01-14T20:55:36.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46667 (GCVE-0-2024-46667)
Vulnerability from nvd – Published: 2025-01-14 14:09 – Updated: 2025-02-18 21:37
VLAI?
Summary
A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.
Severity ?
CWE
- CWE-770 - Denial of service
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.1.0 , ≤ 7.1.5
(semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.7.0 , ≤ 6.7.9 (semver) Affected: 6.6.0 , ≤ 6.6.5 (semver) Affected: 6.5.0 , ≤ 6.5.3 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) Affected: 6.1.0 , ≤ 6.1.2 (semver) Affected: 5.4.0 Affected: 5.3.0 , ≤ 5.3.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:27:09.560945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T21:37:18.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Denial of service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:09:58.844Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-164",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-164"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.2.0 or above \nPlease upgrade to FortiSIEM version 7.1.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-46667",
"datePublished": "2025-01-14T14:09:58.844Z",
"dateReserved": "2024-09-11T12:14:59.204Z",
"dateUpdated": "2025-02-18T21:37:18.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-25972 (GCVE-0-2026-25972)
Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-12 14:28
VLAI?
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.4.0
Affected: 7.3.0 , ≤ 7.3.4 (semver) cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:27:55.325451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:28:02.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.3.4",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:44:19.432Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-077",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-077"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSIEM version 7.5.0 or above\nUpgrade to FortiSIEM version 7.4.1 or above\nUpgrade to FortiSIEM version 7.3.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-25972",
"datePublished": "2026-03-10T16:44:19.432Z",
"dateReserved": "2026-02-09T17:14:29.451Z",
"dateUpdated": "2026-03-12T14:28:02.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64155 (GCVE-0-2025-64155)
Vulnerability from cvelistv5 – Published: 2026-01-13 16:32 – Updated: 2026-02-26 15:04
VLAI?
Summary
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
Severity ?
9.4 (Critical)
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.4.0
Affected: 7.3.0 , ≤ 7.3.4 (semver) Affected: 7.2.6 Affected: 7.1.8 Affected: 7.0.4 Affected: 6.7.10 cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64155",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T04:57:28.543992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:42.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/horizon3ai/CVE-2025-64155"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/purehate/CVE-2025-64155-hunter"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.3.4",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.2.6"
},
{
"status": "affected",
"version": "7.1.8"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "6.7.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:16:05.278Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-772",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-772"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSIEM version 7.5.0 or above\nUpgrade to FortiSIEM version 7.4.1 or above\nUpgrade to FortiSIEM version 7.3.5 or above\nUpgrade to FortiSIEM version 7.2.7 or above\nUpgrade to FortiSIEM version 7.1.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-64155",
"datePublished": "2026-01-13T16:32:28.665Z",
"dateReserved": "2025-10-28T12:26:50.750Z",
"dateUpdated": "2026-02-26T15:04:42.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58324 (GCVE-0-2025-58324)
Vulnerability from cvelistv5 – Published: 2025-10-14 15:22 – Updated: 2026-02-26 17:47
VLAI?
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.2.0 , ≤ 7.2.2
(semver)
Affected: 7.1.0 , ≤ 7.1.9 (semver) Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 6.7.0 , ≤ 6.7.10 (semver) Affected: 6.6.0 , ≤ 6.6.5 (semver) Affected: 6.5.0 , ≤ 6.5.3 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) cpe:2.3:a:fortinet:fortisiem:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T03:57:08.435168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:36.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisiem:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.9",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.10",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:15:46.221Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-280",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-280"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSIEM version 7.3.0 or above\nUpgrade to FortiSIEM version 7.2.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-58324",
"datePublished": "2025-10-14T15:22:35.310Z",
"dateReserved": "2025-08-28T09:14:58.078Z",
"dateUpdated": "2026-02-26T17:47:36.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25256 (GCVE-0-2025-25256)
Vulnerability from cvelistv5 – Published: 2025-08-12 18:59 – Updated: 2026-02-26 17:48
VLAI?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.3.0 , ≤ 7.3.1
(semver)
Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.7 (semver) Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.7.0 , ≤ 6.7.9 (semver) Affected: 6.6.0 , ≤ 6.6.5 (semver) Affected: 6.5.0 , ≤ 6.5.3 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) Affected: 6.1.0 , ≤ 6.1.2 (semver) Affected: 5.4.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25256",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-16T03:55:47.686767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:59.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256"
},
{
"tags": [
"technical-description"
],
"url": "https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-13T20:12:32.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.theregister.com/2025/08/13/fortinet_discloses_critical_bug/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.3.1",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T18:59:14.863Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-152",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-152"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.4.0 or above \nPlease upgrade to FortiSIEM version 7.3.2 or above \nPlease upgrade to FortiSIEM version 7.2.6 or above \nPlease upgrade to FortiSIEM version 7.1.8 or above \nPlease upgrade to FortiSIEM version 7.0.4 or above \nPlease upgrade to FortiSIEM version 6.7.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-25256",
"datePublished": "2025-08-12T18:59:14.863Z",
"dateReserved": "2025-02-05T13:31:18.867Z",
"dateUpdated": "2026-02-26T17:48:59.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40714 (GCVE-0-2023-40714)
Vulnerability from cvelistv5 – Published: 2025-04-02 08:06 – Updated: 2025-04-02 16:16
VLAI?
Summary
A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements
Severity ?
9.7 (Critical)
CWE
- CWE-23 - Escalation of privilege
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T16:14:52.268463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T16:16:37.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"lessThanOrEqual": "6.7.2",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.3",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T08:06:48.075Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-085",
"url": "https://fortiguard.com/psirt/FG-IR-23-085"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.0.1 or above\nPlease upgrade to FortiSIEM version 6.7.4 or above\nPlease upgrade to FortiSIEM version 6.6.4 or above\nPlease upgrade to FortiSIEM version 6.5.2 or above\nPlease upgrade to FortiSIEM version 6.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-40714",
"datePublished": "2025-04-02T08:06:48.075Z",
"dateReserved": "2023-08-21T09:03:44.315Z",
"dateUpdated": "2025-04-02T16:16:37.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17659 (GCVE-0-2019-17659)
Vulnerability from cvelistv5 – Published: 2025-03-17 13:06 – Updated: 2025-03-17 13:35
VLAI?
Summary
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.
Severity ?
CWE
- CWE-798 - Improper access control
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-17659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T13:35:01.135210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T13:35:08.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user \"tunneluser\" by leveraging knowledge of the private key from another installation or a firmware image."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T13:06:07.828Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-19-296",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-19-296"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 5.2.7 and above where this issue is resolved. \r\nWorkaround (for FortiSIEM version 5.2.6 and lower): \r\nCustomers who are not using the reverse tunnel feature are advised to disable SSH service on port 19999 by following the steps below :\r\n1. SSH to the Supervisor node as the root user.\r\n2. Remove tunneluser SSH configuration file to disable listening on port 19999:\r\nrm -f /etc/ssh/sshd_config.tunneluser\r\necho rm -f /etc/ssh/sshd_config.tunneluser \u003e\u003e /etc/init.d/phProvision.sh\r\n3. Then terminate sshd running on TCP Port 19999 as follows:\r\npkill -f /usr/sbin/sshd -p 19999\r\n4.Additional steps can be performed on Supervisor to remove the keys associated with tunneluser account:\r\nrm -f /opt/phoenix/deployment/id_rsa.pub.tunneluser\r\nrm -f /home/tunneluser/.ssh/authorized_keys\r\nrm -f /opt/phoenix/id_rsa.tunneluser ~admin/.ssh/id_rsa\r\nCustomers are also advised to disable \"tunneluser\" SSH access on port 22 by following the steps bwlow:\r\n1. SSH to the Supervisor node as the root user.\r\n2. Add/edit the following line in sshd_config file: \r\necho DenyUsers tunneluser \u003e\u003e /etc/ssh/sshd_config\r\n3. service sshd restart"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2019-17659",
"datePublished": "2025-03-17T13:06:07.828Z",
"dateReserved": "2019-10-16T00:00:00.000Z",
"dateUpdated": "2025-03-17T13:35:08.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55592 (GCVE-0-2024-55592)
Vulnerability from cvelistv5 – Published: 2025-03-11 14:54 – Updated: 2025-03-11 16:07
VLAI?
Summary
An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests.
Severity ?
CWE
- CWE-863 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.2.0 , ≤ 7.2.5
(semver)
Affected: 7.1.0 , ≤ 7.1.7 (semver) Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.7.0 , ≤ 6.7.9 (semver) Affected: 6.6.0 , ≤ 6.6.5 (semver) Affected: 6.5.0 , ≤ 6.5.3 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) Affected: 6.1.0 , ≤ 6.1.2 (semver) Affected: 5.4.0 Affected: 5.3.0 , ≤ 5.3.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T16:06:54.927466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:07:03.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:29.067Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-377",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-377"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.3.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-55592",
"datePublished": "2025-03-11T14:54:29.067Z",
"dateReserved": "2024-12-09T11:19:49.470Z",
"dateUpdated": "2025-03-11T16:07:03.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40723 (GCVE-0-2023-40723)
Vulnerability from cvelistv5 – Published: 2025-03-11 14:54 – Updated: 2026-02-26 19:09
VLAI?
Summary
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request.
Severity ?
CWE
- CWE-200 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
6.7.0 , ≤ 6.7.4
(semver)
Affected: 6.6.0 , ≤ 6.6.3 (semver) Affected: 6.5.0 , ≤ 6.5.1 (semver) Affected: 6.4.0 , ≤ 6.4.2 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) Affected: 6.1.0 , ≤ 6.1.2 (semver) Affected: 5.4.0 Affected: 5.3.0 , ≤ 5.3.3 (semver) Affected: 5.2.5 , ≤ 5.2.8 (semver) Affected: 5.2.1 , ≤ 5.2.2 (semver) Affected: 5.1.0 , ≤ 5.1.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T04:00:50.664894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:41.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.7.4",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.3",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.8",
"status": "affected",
"version": "5.2.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.2",
"status": "affected",
"version": "5.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.3",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:28.770Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-117",
"url": "https://fortiguard.com/psirt/FG-IR-23-117"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.0.2 or above \nPlease upgrade to FortiSIEM version 7.0.0 or above \nPlease upgrade to FortiSIEM version 6.7.5 or above \nPlease upgrade to FortiSIEM version 6.6.4 or above \nPlease upgrade to FortiSIEM version 6.5.2 or above \nPlease upgrade to FortiSIEM version 6.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-40723",
"datePublished": "2025-03-11T14:54:28.770Z",
"dateReserved": "2023-08-21T09:03:44.316Z",
"dateUpdated": "2026-02-26T19:09:41.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27780 (GCVE-0-2024-27780)
Vulnerability from cvelistv5 – Published: 2025-02-11 16:09 – Updated: 2025-02-12 15:40
VLAI?
Summary
Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:34:35.441554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:40:18.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple\u00a0Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page\u00a0may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:09:12.668Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-324",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-324"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.3.0 or above \nPlease upgrade to FortiSIEM version 7.2.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-27780",
"datePublished": "2025-02-11T16:09:12.668Z",
"dateReserved": "2024-02-26T14:46:31.334Z",
"dateUpdated": "2025-02-12T15:40:18.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46667 (GCVE-0-2024-46667)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-02-18 21:37
VLAI?
Summary
A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.
Severity ?
CWE
- CWE-770 - Denial of service
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiSIEM |
Affected:
7.1.0 , ≤ 7.1.5
(semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.7.0 , ≤ 6.7.9 (semver) Affected: 6.6.0 , ≤ 6.6.5 (semver) Affected: 6.5.0 , ≤ 6.5.3 (semver) Affected: 6.4.0 , ≤ 6.4.4 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.1 (semver) Affected: 6.1.0 , ≤ 6.1.2 (semver) Affected: 5.4.0 Affected: 5.3.0 , ≤ 5.3.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:27:09.560945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T21:37:18.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.4.0"
},
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Denial of service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:09:58.844Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-164",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-164"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.2.0 or above \nPlease upgrade to FortiSIEM version 7.1.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-46667",
"datePublished": "2025-01-14T14:09:58.844Z",
"dateReserved": "2024-09-11T12:14:59.204Z",
"dateUpdated": "2025-02-18T21:37:18.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52969 (GCVE-0-2024-52969)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:08 – Updated: 2025-01-14 20:55
VLAI?
Summary
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests.
Severity ?
CWE
- CWE-89 - Information disclosure
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:15:11.758765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T20:55:36.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiSIEM",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.9",
"status": "affected",
"version": "6.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.5",
"status": "affected",
"version": "6.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.3",
"status": "affected",
"version": "6.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:08:59.640Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-417",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-417"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.2.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-52969",
"datePublished": "2025-01-14T14:08:59.640Z",
"dateReserved": "2024-11-18T13:36:52.466Z",
"dateUpdated": "2025-01-14T20:55:36.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201904-0595
Vulnerability from variot - Updated: 2024-11-23 23:08An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. Fortinet FortiSIEM Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet Security Information & Event Management System (FortiSIEM) is a set of security information and event management system of Fortinet Corporation. Security event management of assets such as the system's infrastructure, applications, and virtual machines. The admin portal in Fortinet FortiSIEM 5.2.0 and earlier versions has an information disclosure vulnerability, which is caused by a configuration error in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0595",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortisiem",
"scope": "lte",
"trust": 1.8,
"vendor": "fortinet",
"version": "5.2.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"db": "NVD",
"id": "CVE-2018-13378"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fortinet:fortisiem",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
}
]
},
"cve": "CVE-2018-13378",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2018-13378",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-123431",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-13378",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-13378",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-13378",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-001",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123431",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-001"
},
{
"db": "NVD",
"id": "CVE-2018-13378"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. Fortinet FortiSIEM Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet Security Information \u0026 Event Management System (FortiSIEM) is a set of security information and event management system of Fortinet Corporation. Security event management of assets such as the system\u0027s infrastructure, applications, and virtual machines. The admin portal in Fortinet FortiSIEM 5.2.0 and earlier versions has an information disclosure vulnerability, which is caused by a configuration error in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13378"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"db": "VULHUB",
"id": "VHN-123431"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13378",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015278",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-001",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1090",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-123431",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-001"
},
{
"db": "NVD",
"id": "CVE-2018-13378"
}
]
},
"id": "VAR-201904-0595",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-123431"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:08:25.559000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-18-382",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/FG-IR-18-382"
},
{
"title": "Fortinet Security Information \u0026 Event Management System Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90917"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"db": "NVD",
"id": "CVE-2018-13378"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://fortiguard.com/advisory/fg-ir-18-382"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13378"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13378"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-18-382"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78222"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-001"
},
{
"db": "NVD",
"id": "CVE-2018-13378"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-123431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-001"
},
{
"db": "NVD",
"id": "CVE-2018-13378"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-123431"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-001"
},
{
"date": "2019-04-17T15:29:00.437000",
"db": "NVD",
"id": "CVE-2018-13378"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-123431"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015278"
},
{
"date": "2019-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-001"
},
{
"date": "2024-11-21T03:46:59.137000",
"db": "NVD",
"id": "CVE-2018-13378"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-001"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiSIEM Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015278"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-001"
}
],
"trust": 0.6
}
}