Search criteria

71 vulnerabilities found for FortiSOAR by Fortinet

CERTFR-2025-AVI-1084

Vulnerability from certfr_avis - Published: 2025-12-10 - Updated: 2025-12-10

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur précise que la version 24.2 de FortiSandbox Cloud sera publiée ultérieurement.

Impacted products
Vendor Product Description
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet FortiSOAR FortiSOAR PaaS versions antérieures à 7.5.2
Fortinet FortiVoice FortiVoice versions 7.2.x antérieures à 7.2.3
Fortinet FortiSOAR FortiSOAR PaaS versions 7.6.x antérieures à 7.6.3
Fortinet FortiSOAR FortiSOAR on-premise versions 7.6.x antérieures à 7.6.3
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.6
Fortinet N/A FortiExtender versions antérieures à 7.4.8
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.22
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.3
Fortinet FortiManager FortiManager versions antérieures à 7.2.6
Fortinet FortiSRA FortiSRA versions antérieures à 1.5.x
Fortinet FortiSandbox FortiSandbox versions 5.0.x antérieures à 5.0.3
Fortinet FortiPortal FortiPortal versions antérieures à 7.4.6
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.15
Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.7
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.9
Fortinet FortiWeb FortiWeb versions 7.2.x antérieures à 7.2.12
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.12
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.3
Fortinet FortiWeb FortiWeb versions 8.0.x antérieures à 8.0.2
Fortinet FortiSandbox FortiSandbox Cloud versions antérieures à 24.2
Fortinet N/A FortiExtender versions 7.6.x antérieures à 7.6.4
Fortinet FortiOS FortiOS versions antérieures à 7.0.18
Fortinet FortiSASE FortiSASE versions 24.1.x antérieures à 24.1.c
Fortinet FortiSandbox FortiSandbox versions 4.x antérieures à 4.4.8
Fortinet FortiWeb FortiWeb versions 7.0.x antérieures à 7.0.12
Fortinet FortiVoice FortiVoice versions antérieures à 7.0.8
Fortinet FortiSOAR FortiSOAR on-premise versions antérieures à 7.5.2
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.11
Fortinet FortiPAM FortiPAM versions antérieures à 1.5.x
Fortinet FortiAuthenticator FortiAuthenticator versions antérieures à 6.6.7
Fortinet FortiSwitch FortiSwitchManager versions 7.0.x antérieures à 7.0.6
Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.11
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR PaaS versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR PaaS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.22",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions ant\u00e9rieures \u00e0 1.5.x",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox Cloud versions ant\u00e9rieures \u00e0 24.2",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.18",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSASE versions 24.1.x ant\u00e9rieures \u00e0 24.1.c",
      "product": {
        "name": "FortiSASE",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.4.8",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.5.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.6.7",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que la version 24.2 de FortiSandbox Cloud sera publi\u00e9e ult\u00e9rieurement.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-60024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60024"
    },
    {
      "name": "CVE-2025-64153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64153"
    },
    {
      "name": "CVE-2025-57823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57823"
    },
    {
      "name": "CVE-2024-40593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40593"
    },
    {
      "name": "CVE-2025-53679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53679"
    },
    {
      "name": "CVE-2025-62631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62631"
    },
    {
      "name": "CVE-2025-54353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54353"
    },
    {
      "name": "CVE-2025-53949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53949"
    },
    {
      "name": "CVE-2025-59719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59719"
    },
    {
      "name": "CVE-2025-59810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59810"
    },
    {
      "name": "CVE-2025-64471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64471"
    },
    {
      "name": "CVE-2025-64447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64447"
    },
    {
      "name": "CVE-2024-47570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47570"
    },
    {
      "name": "CVE-2025-59808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59808"
    },
    {
      "name": "CVE-2025-54838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54838"
    },
    {
      "name": "CVE-2025-59923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59923"
    },
    {
      "name": "CVE-2025-64156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64156"
    },
    {
      "name": "CVE-2025-59718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59718"
    }
  ],
  "initial_release_date": "2025-12-10T00:00:00",
  "last_revision_date": "2025-12-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1084",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-411",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-411"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-479",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-479"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-268",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-268"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-362",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-362"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-599",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-599"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-133",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-133"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-616",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-616"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-812",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-812"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-739",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-739"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-984",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-984"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-945",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-945"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-477",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-477"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-647",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-647"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-601",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-601"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-454",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-454"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-032",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-032"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-554",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-554"
    }
  ]
}

CERTFR-2025-AVI-0871

Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiDLP FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x
Fortinet FortiADC FortiADC toutes versions 6.2.x et 7.0.x
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet FortiTester FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet FortiVoice FortiVoice versions 6.0.7 à 6.0.12
Fortinet FortiClient FortiClientMac toutes versions 7.0.x
Fortinet FortiSOAR FortiSOAR on-premise toutes versions 7.3.x et 7.4.x
Fortinet FortiSIEM FortiSIEM versions 7.2.x antérieures à 7.2.3
Fortinet FortiPAM FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x
Fortinet FortiSRA FortiSRA versions 1.5.x antérieures à 1.5.1
Fortinet FortiWeb FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x
Fortinet FortiDLP FortiDLP versions 12.2.x et antérieures à 12.2.3
Fortinet FortiManager FortiManager Cloud versions 7.6.x antérieures à 7.6.3
Fortinet FortiSOAR FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2
Fortinet FortiNDR FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x
Fortinet FortiClient FortiClientWindows versions 7.4.x antérieures à 7.4.4
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.7
Fortinet FortiClient FortiClientWindows versions 7.2.x antérieures à 7.2.12
Fortinet FortiManager FortiManager Cloud toutes versions 6.4.x
Fortinet FortiPAM FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet FortiPAM FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet FortiSIEM FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x
Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.7
Fortinet FortiSRA FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet FortiRecorder FortiRecorder versions 7.0.x antérieures à 7.0.5
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet FortiADC FortiADC versions 7.2.x antérieures à 7.2.4
Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.4
Fortinet FortiClient FortiClientWindows toutes versions 7.0.x
Fortinet FortiIsolator FortiIsolator versions 2.4.x antérieures à 2.4.5
Fortinet FortiTester FortiTester version 7.4 antérieures à 7.4.3
Fortinet FortiVoice FortiVoice versions 6.4.x antérieures à 6.4.10
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet FortiOS FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x
Fortinet FortiIsolator FortiIsolator toutes versions 2.3.x
Fortinet FortiADC FortiADC versions 7.1.x antérieures à 7.1.5
Fortinet FortiProxy FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x
Fortinet FortiAnalyzer FortiAnalyzer Cloud toutes versions 6.4.x
Fortinet FortiAnalyzer FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x
Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.14
Fortinet FortiManager FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.2
Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet FortiADC FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.9
Fortinet FortiSwitch FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.3
Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet FortiClient FortiClientMac versions 7.4.x antérieures à 7.4.4
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet FortiClient FortiClientMac versions 7.2.x antérieures à 7.2.12
Fortinet FortiSOAR FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2
References
Bulletin de sécurité Fortinet FG-IR-24-372 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-412 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-228 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-280 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-685 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-452 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-487 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-639 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-037 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-684 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-354 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-041 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-198 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-160 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-361 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-861 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-542 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-771 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-010 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-378 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-442 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-664 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-756 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-126 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-628 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-457 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-062 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-546 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-653 2025-10-14 vendor-advisory

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.2.x et 7.0.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester version 7.4 ant\u00e9rieures \u00e0  7.4.3",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator toutes versions 2.3.x",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
    },
    {
      "name": "CVE-2025-46752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
    },
    {
      "name": "CVE-2025-31365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
    },
    {
      "name": "CVE-2025-49201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
    },
    {
      "name": "CVE-2025-54822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
    },
    {
      "name": "CVE-2025-57741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
    },
    {
      "name": "CVE-2025-58903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
    },
    {
      "name": "CVE-2025-31514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
    },
    {
      "name": "CVE-2025-25253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
    },
    {
      "name": "CVE-2024-33507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
    },
    {
      "name": "CVE-2025-25255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
    },
    {
      "name": "CVE-2023-46718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
    },
    {
      "name": "CVE-2025-47890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
    },
    {
      "name": "CVE-2025-54988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
    },
    {
      "name": "CVE-2024-26008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
    },
    {
      "name": "CVE-2025-25252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
    },
    {
      "name": "CVE-2024-48891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
    },
    {
      "name": "CVE-2025-59921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
    },
    {
      "name": "CVE-2025-53951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
    },
    {
      "name": "CVE-2025-53950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
    },
    {
      "name": "CVE-2025-58324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
    },
    {
      "name": "CVE-2025-53845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
    },
    {
      "name": "CVE-2024-50571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
    },
    {
      "name": "CVE-2025-46774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
    },
    {
      "name": "CVE-2025-31366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
    },
    {
      "name": "CVE-2025-57716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
    },
    {
      "name": "CVE-2024-47569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
    },
    {
      "name": "CVE-2025-22258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
    },
    {
      "name": "CVE-2025-57740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
    },
    {
      "name": "CVE-2025-54973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
    },
    {
      "name": "CVE-2025-54658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
    }
  ],
  "initial_release_date": "2025-10-15T00:00:00",
  "last_revision_date": "2025-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0871",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
    }
  ]
}

CERTFR-2025-AVI-0679

Vulnerability from certfr_avis - Published: 2025-08-13 - Updated: 2025-08-13

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.3
Fortinet FortiRecorder FortiRecorder versions antérieures à 7.0.5
Fortinet FortiMail FortiMail versions antérieures à 7.4.4
Fortinet FortiSIEM FortiSIEM versions 7.1.x antérieures à 7.1.8
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiManager FortiManager versions antérieures à 7.0.14
Fortinet FortiNDR FortiNDR versions antérieures à 7.4.7
Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.7
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.4
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet FortiWeb FortiWeb versions 7.2.x antérieures à 7.2.11
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet FortiSOAR FortiSOAR versions antérieures à 7.5.2
Fortinet FortiOS FortiOS versions antérieures à 7.4.8
Fortinet FortiPAM FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet FortiCamera FortiCamera versions 2.1.x toutes versions
Fortinet FortiWeb FortiWeb versions 7.0.x antérieures à 7.0.11
Fortinet FortiPAM FortiPAM versions antérieures à 1.4.3
Fortinet FortiSwitchManager FortiSwitchManager versions 7.2.x antérieures à 7.2.4
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.9
Fortinet FortiManager FortiManager Cloud versions antérieures à 7.2.10
Fortinet FortiSwitchManager FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.3
Fortinet FortiSIEM FortiSIEM versions 7.3.x antérieures à 7.3.2
Fortinet FortiSIEM FortiSIEM versions 7.2.x antérieures à 7.2.6
Fortinet FortiSIEM FortiSIEM versions antérieures à 6.7.10
Fortinet FortiADC FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet FortiSIEM FortiSIEM versions 7.0.x antérieures à 7.0.4
Fortinet FortiCamera FortiCamera versions antérieures à 2.0.1
Fortinet FortiManager FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet FortiProxy FortiProxy versions antérieures à 7.4.4
Fortinet FortiVoice FortiVoice versions antérieures à 6.4.10
Fortinet FortiADC FortiADC versions antérieures à 7.1.2
Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet FortiSOAR FortiSOAR versions 7.6.x antérieures à 7.6.2
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions 2.1.x toutes versions",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions  ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
    },
    {
      "name": "CVE-2025-47857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
    },
    {
      "name": "CVE-2025-32766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
    },
    {
      "name": "CVE-2024-48892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
    },
    {
      "name": "CVE-2025-53744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
    },
    {
      "name": "CVE-2024-52964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
    },
    {
      "name": "CVE-2025-49813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
    },
    {
      "name": "CVE-2025-25256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
    },
    {
      "name": "CVE-2025-52970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
    },
    {
      "name": "CVE-2025-27759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
    },
    {
      "name": "CVE-2025-32932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
    },
    {
      "name": "CVE-2024-26009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
    },
    {
      "name": "CVE-2024-40588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
    },
    {
      "name": "CVE-2023-45584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
    }
  ],
  "initial_release_date": "2025-08-13T00:00:00",
  "last_revision_date": "2025-08-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0679",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
    }
  ]
}

CERTFR-2025-AVI-0031

Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiClient FortiClientMac versions antérieures à 7.2.5
Fortinet FortiDDoS-F FortiDDoS-F versions antérieures à 6.3.3
Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963
Fortinet FortiRecorder FortiRecorder versions antérieures à 7.0.5
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.13
Fortinet FortiSOAR FortiSOAR versions 7.4.x antérieures à 7.4.5
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiSOAR Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet FortiOS FortiOS versions antérieures à 7.0.16
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.9
Fortinet FortiWLC FortiWLC versions 8.6.x antérieures à 8.6.6
Fortinet FortiManager FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet FortiClient FortiClientEMS versions 7.4.x antérieures à 7.4.1
Fortinet FortiClient FortiClientEMS Cloud versions antérieures à 7.2.5
Fortinet FortiClient FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1
Fortinet FortiPortal FortiPortal versions 6.0.x antérieures à 6.0.15
Fortinet FortiClient FortiClientMac versions antérieures à 7.4.0
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet FortiMail FortiMail versions 6.4x antérieures à 6.4.8
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.13
Fortinet FortiVoiceEnterprise FortiVoiceEnterprise versions antérieures à 6.0.10
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet FortiWeb FortiWeb versions 7.2.x antérieures à 7.2.8
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet FortiSwitch FortiSwitch versions 7.4.x antérieures à 7.4.1
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.2
Fortinet FortiAP-W2 FortiAP-W2 versions antérieures à 7.2.4
Fortinet FortiClient FortiClientEMS versions antérieures à 7.2.5
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet FortiSwitch FortiSwitch versions 7.2.x antérieures à 7.2.6
Fortinet FortiDDoS FortiDDoS versions antérieures à 5.5.1
Fortinet FortiAP FortiAP versions antérieures à 7.2.4
Fortinet FortiSwitch FortiSwitch versions antérieures à 6.2.8
Fortinet FortiClient FortiClientWindows versions antérieures à 7.4.1
Fortinet FortiSOAR FortiSOAR versions antérieures à 7.2.2 Security Patch 9
Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6
Fortinet FortiDeceptor FortiDeceptor versions antérieures à 6.0.1
Fortinet FortiAP-S FortiAP-S versions antérieures à 6.4.10
Fortinet FortiVoiceEnterprise FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet FortiAuthenticator FortiAuthenticator versions antérieures à 6.3.3
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.5
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.19
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet FortiManager FortiManager Cloud versions antérieures à 7.0.13
Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet FortiAP FortiAP versions 7.4.x antérieures à 7.4.3
Fortinet FortiClient FortiClientLinux versions antérieures à 7.2.5
Fortinet FortiSwitch FortiSwitch versions 6.4.x antérieures à 6.4.14
Fortinet FortiNDR FortiNDR versions antérieures à 7.2.2
Fortinet FortiManager FortiManager versions 6.2.x antérieures à 6.2.12
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions antérieures à 7.0.12
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.3
Fortinet FortiProxy FortiProxy versions 2.0.x antérieures à 2.0.15
Fortinet FortiSOAR FortiSOAR versions 7.3.x antérieures à 7.3.3
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.6
Fortinet FortiClient FortiClientLinux versions antérieures à 7.4.0
Fortinet FortiSIEM FortiSIEM versions antérieures à 7.1.6
Fortinet FortiSandbox FortiSandbox versions antérieures à 4.0.5
Fortinet FortiAP-W2 FortiAP-W2 versions 7.4.x antérieures à 7.4.3
Fortinet FortiSandbox FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet FortiADC FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.6
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.8
Fortinet FortiTester FortiTester versions antérieures à 7.2.1
Fortinet FortiAnalyzer FortiAnalyzer versions 6.4.x antérieures à 6.4.15
Fortinet FortiAuthenticator FortiAuthenticator versions 6.4.x antérieures à 6.4.1
Fortinet FortiVoice FortiVoice versions antérieures à 6.4.10
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.12
Fortinet FortiSOAR FortiSOAR versions 7.5.x antérieures à 7.5.1
Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.7
References
Bulletin de sécurité Fortinet FG-IR-23-258 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-458 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-061 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-405 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-285 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-165 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-494 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-220 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-221 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-078 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-282 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-373 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-106 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-250 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-189 2025-01-15 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-401 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-239 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-097 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-260 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-170 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-259 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-143 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-476 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-415 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-461 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-266 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-407 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-086 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-465 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-222 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-219 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-210 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-211 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-267 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-010 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-473 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-216 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-326 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-135 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-152 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-304 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-164 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-310 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-405 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-127 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-381 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-091 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-417 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-293 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-071 2025-01-14 vendor-advisory

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiDDoS-F",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "FortiWLC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiAP-S",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
    },
    {
      "name": "CVE-2023-37931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
    },
    {
      "name": "CVE-2024-32115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
    },
    {
      "name": "CVE-2023-42786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
    },
    {
      "name": "CVE-2024-35280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
    },
    {
      "name": "CVE-2024-35273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
    },
    {
      "name": "CVE-2024-48884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
    },
    {
      "name": "CVE-2024-46666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
    },
    {
      "name": "CVE-2022-23439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
    },
    {
      "name": "CVE-2024-47571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
    },
    {
      "name": "CVE-2024-35275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
    },
    {
      "name": "CVE-2024-47573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
    },
    {
      "name": "CVE-2024-52963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
    },
    {
      "name": "CVE-2023-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
    },
    {
      "name": "CVE-2024-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
    },
    {
      "name": "CVE-2024-55593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
    },
    {
      "name": "CVE-2024-48885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
    },
    {
      "name": "CVE-2024-46662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
    },
    {
      "name": "CVE-2024-27778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
    },
    {
      "name": "CVE-2024-48893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
    },
    {
      "name": "CVE-2024-47566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
    },
    {
      "name": "CVE-2024-52969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
    },
    {
      "name": "CVE-2024-35276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
    },
    {
      "name": "CVE-2024-40587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
    },
    {
      "name": "CVE-2024-36512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
    },
    {
      "name": "CVE-2023-46715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
    },
    {
      "name": "CVE-2024-36510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
    },
    {
      "name": "CVE-2024-56497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
    },
    {
      "name": "CVE-2024-46665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
    },
    {
      "name": "CVE-2024-48890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
    },
    {
      "name": "CVE-2024-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
    },
    {
      "name": "CVE-2024-52967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
    },
    {
      "name": "CVE-2023-37936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
    },
    {
      "name": "CVE-2024-46668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
    },
    {
      "name": "CVE-2024-35278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
    },
    {
      "name": "CVE-2024-26012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
    },
    {
      "name": "CVE-2024-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
    },
    {
      "name": "CVE-2024-23106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
    },
    {
      "name": "CVE-2024-54021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
    },
    {
      "name": "CVE-2024-46669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
    },
    {
      "name": "CVE-2023-5217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
    },
    {
      "name": "CVE-2023-42785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
    },
    {
      "name": "CVE-2024-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
    },
    {
      "name": "CVE-2024-35277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2024-48886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
    },
    {
      "name": "CVE-2024-50564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
    },
    {
      "name": "CVE-2024-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
    },
    {
      "name": "CVE-2024-45331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
    },
    {
      "name": "CVE-2024-50563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
    },
    {
      "name": "CVE-2024-36506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
    },
    {
      "name": "CVE-2024-46667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
    },
    {
      "name": "CVE-2024-46670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
    },
    {
      "name": "CVE-2024-47572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
    }
  ],
  "initial_release_date": "2025-01-15T00:00:00",
  "last_revision_date": "2025-01-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0031",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
    },
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
    }
  ]
}

CVE-2025-59810 (GCVE-0-2025-59810)

Vulnerability from nvd – Published: 2025-12-09 17:19 – Updated: 2025-12-09 20:42
VLAI?
Summary
An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests
Severity ?
6.2 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR on-premise Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSOAR PaaS Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59810",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T20:20:18.195341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T20:42:59.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR PaaS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:19:06.350Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to FortiSOAR PaaS version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-59810",
    "datePublished": "2025-12-09T17:19:06.350Z",
    "dateReserved": "2025-09-22T08:19:21.055Z",
    "dateUpdated": "2025-12-09T20:42:59.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59808 (GCVE-0-2025-59808)

Vulnerability from nvd – Published: 2025-12-09 17:19 – Updated: 2025-12-09 20:43
VLAI?
Summary
An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:H/RL:O/RC:C
CWE
  • CWE-620 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR on-premise Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSOAR PaaS Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59808",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T20:20:31.034553Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T20:43:08.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR PaaS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim\u0027s user account to reset the account credentials without being prompted for the account\u0027s password"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-620",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:19:06.347Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-599",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-599"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to FortiSOAR PaaS version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-59808",
    "datePublished": "2025-12-09T17:19:06.347Z",
    "dateReserved": "2025-09-22T08:19:21.055Z",
    "dateUpdated": "2025-12-09T20:43:08.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48891 (GCVE-0-2024-48891)

Vulnerability from nvd – Published: 2025-10-14 15:22 – Updated: 2025-10-21 03:55
VLAI?
Summary
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access (via another hypothetical vulnerability) to perform a local privilege escalation via crafted commands.
Severity ?
6.6 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
CWE
  • CWE-78 - Escalation of privilege
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR on-premise Affected: 7.6.0
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48891",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T03:55:26.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access (via another hypothetical vulnerability) to perform a local privilege escalation via crafted commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T15:22:30.906Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-412",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-412"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR on-premise version 7.6.2 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-48891",
    "datePublished": "2025-10-14T15:22:30.906Z",
    "dateReserved": "2024-10-09T09:03:09.962Z",
    "dateUpdated": "2025-10-21T03:55:26.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32932 (GCVE-0-2025-32932)

Vulnerability from nvd – Published: 2025-08-12 19:00 – Updated: 2025-08-13 20:13
VLAI?
Summary
An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests
Severity ?
6.2 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:U/RC:C
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.6.0 , ≤ 7.6.1 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T19:54:23.450724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:13:36.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.1",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T19:00:01.506Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-513",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-513"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.6.2 or above \nPlease upgrade to FortiSOAR version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-32932",
    "datePublished": "2025-08-12T19:00:01.506Z",
    "dateReserved": "2025-04-14T20:15:17.185Z",
    "dateUpdated": "2025-08-13T20:13:36.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48892 (GCVE-0-2024-48892)

Vulnerability from nvd – Published: 2025-08-12 19:00 – Updated: 2025-08-13 20:13
VLAI?
Summary
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:X/RC:C
CWE
  • CWE-23 - Information disclosure
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.6.0
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T19:54:21.184423Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:13:21.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T19:00:07.291Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-421",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-421"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.6.1 or above \nPlease upgrade to FortiSOAR version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-48892",
    "datePublished": "2025-08-12T19:00:07.291Z",
    "dateReserved": "2024-10-09T09:03:09.962Z",
    "dateUpdated": "2025-08-13T20:13:21.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21760 (GCVE-0-2024-21760)

Vulnerability from nvd – Published: 2025-03-18 13:56 – Updated: 2025-03-18 14:15
VLAI?
Summary
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet.
Severity ?
7.7 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:X/RC:X
CWE
  • CWE-94 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T14:14:53.853979Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T14:15:03.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper control of generation of code (\u0027Code Injection\u0027) vulnerability [CWE-94]\u00a0in\u00a0FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow\u00a0an authenticated attacker\u00a0to execute arbitrary code on the host via a playbook code snippet."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-18T13:56:44.525Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-420",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-420"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.5.0 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-21760",
    "datePublished": "2025-03-18T13:56:44.525Z",
    "dateReserved": "2024-01-02T10:15:00.527Z",
    "dateUpdated": "2025-03-18T14:15:03.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23439 (GCVE-0-2022-23439)

Vulnerability from nvd – Published: 2025-01-22 09:10 – Updated: 2025-01-22 14:21
VLAI?
Summary
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
Severity ?
4.1 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • CWE-610 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiTester Affected: 7.2.0 , ≤ 7.2.1 (semver)
Affected: 7.1.0 , ≤ 7.1.1 (semver)
Affected: 7.0.0
Affected: 4.2.0 , ≤ 4.2.1 (semver)
Affected: 4.1.0 , ≤ 4.1.1 (semver)
Affected: 4.0.0
Affected: 3.9.0 , ≤ 3.9.2 (semver)
Affected: 3.8.0
Affected: 3.7.0 , ≤ 3.7.1 (semver)
Affected: 3.6.0
Affected: 3.5.0 , ≤ 3.5.1 (semver)
Affected: 3.4.0
Affected: 3.3.0 , ≤ 3.3.1 (semver)
Create a notification for this product.
    Fortinet FortiOS Affected: 7.2.0
Affected: 7.0.0 , ≤ 7.0.5 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.16 (semver)
Affected: 6.0.0 , ≤ 6.0.18 (semver)
Affected: 6.4.0 , < 6.4.* (semver)
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiMail Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.2.0 , ≤ 6.2.9 (semver)
Affected: 6.0.0 , ≤ 6.0.12 (semver)
Affected: 5.4.0 , ≤ 5.4.12 (semver)
Affected: 7.2.0 , < 7.2.* (semver)
    cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSwitch Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 6.4.0 , ≤ 6.4.10 (semver)
Affected: 6.2.0 , ≤ 6.2.8 (semver)
Affected: 6.0.0 , ≤ 6.0.7 (semver)
    cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiDDoS-F Affected: 6.3.0 , ≤ 6.3.3 (semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver)
Affected: 6.1.0 , ≤ 6.1.5 (semver)
    cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiProxy Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 2.0.0 , ≤ 2.0.14 (semver)
Affected: 1.2.0 , ≤ 1.2.13 (semver)
Affected: 1.1.0 , ≤ 1.1.6 (semver)
Affected: 1.0.0 , ≤ 1.0.7 (semver)
Create a notification for this product.
    Fortinet FortiRecorder Affected: 6.4.0 , ≤ 6.4.2 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
Affected: 2.7.0 , ≤ 2.7.7 (semver)
Affected: 2.6.0 , ≤ 2.6.3 (semver)
    cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiNDR Affected: 7.2.0
Affected: 7.1.0
Affected: 7.0.0 , ≤ 7.0.6 (semver)
Affected: 1.5.0 , ≤ 1.5.3 (semver)
Affected: 1.4.0
Affected: 1.3.0 , ≤ 1.3.1 (semver)
Affected: 1.2.0
Affected: 1.1.0
Create a notification for this product.
    Fortinet FortiADC Affected: 7.0.0 , ≤ 7.0.1 (semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver)
Affected: 6.1.0 , ≤ 6.1.6 (semver)
Affected: 6.0.0 , ≤ 6.0.4 (semver)
Affected: 5.4.0 , ≤ 5.4.5 (semver)
Affected: 5.3.0 , ≤ 5.3.7 (semver)
Affected: 5.2.0 , ≤ 5.2.8 (semver)
Affected: 5.1.0 , ≤ 5.1.7 (semver)
Affected: 5.0.0 , ≤ 5.0.4 (semver)
    cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSOAR Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiVoice Affected: 7.0.0 , ≤ 7.0.1 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.0.0 , ≤ 6.0.11 (semver)
    cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiDDoS Affected: 5.5.0 , ≤ 5.5.1 (semver)
Affected: 5.4.0 , ≤ 5.4.3 (semver)
Affected: 5.3.0 , ≤ 5.3.2 (semver)
Affected: 5.2.0
Affected: 5.1.0
Affected: 5.0.0
Affected: 4.7.0
Affected: 4.6.0
Affected: 4.5.0
    cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiWLC Affected: 8.6.0 , ≤ 8.6.7 (semver)
Affected: 8.5.0 , ≤ 8.5.5 (semver)
Affected: 8.4.4 , ≤ 8.4.8 (semver)
Affected: 8.4.0 , ≤ 8.4.2 (semver)
    cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.9 (semver)
Create a notification for this product.
    Fortinet FortiAuthenticator Affected: 6.4.0 , ≤ 6.4.1 (semver)
Affected: 6.3.0 , ≤ 6.3.3 (semver)
Affected: 6.2.0 , ≤ 6.2.2 (semver)
Affected: 6.1.0 , ≤ 6.1.3 (semver)
Affected: 6.0.0 , ≤ 6.0.8 (semver)
Affected: 5.5.0
Affected: 5.4.0 , ≤ 5.4.1 (semver)
Affected: 5.3.0 , ≤ 5.3.1 (semver)
Affected: 5.2.0 , ≤ 5.2.2 (semver)
Affected: 5.1.0 , ≤ 5.1.2 (semver)
    cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-22T14:21:27.552014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-22T14:21:36.714Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiTester",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "4.2.1",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "lessThanOrEqual": "3.9.2",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.8.0"
            },
            {
              "lessThanOrEqual": "3.7.1",
              "status": "affected",
              "version": "3.7.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.6.0"
            },
            {
              "lessThanOrEqual": "3.5.1",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.16",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.4.*",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.12",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.2.*",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSwitch",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.8",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.7",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS-F",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.5",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.14",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.13",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.6",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.2",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.7.7",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.6.3",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiADC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.6",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.5",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.7",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.8",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.7",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.4",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.5.1",
              "status": "affected",
              "version": "5.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.3",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.2",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            },
            {
              "status": "affected",
              "version": "4.6.0"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiWLC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "8.6.7",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.5",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.2",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.9",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAuthenticator",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.2",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.3",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.8",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.5.0"
            },
            {
              "lessThanOrEqual": "5.4.1",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.1",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.2",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.2",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-22T09:10:28.669Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-21-254",
          "url": "https://fortiguard.com/psirt/FG-IR-21-254"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "FortiOS\nAdministrative Interface\nPlease upgrade to FortiOS version 7.0.6 and above,\nPlease upgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nPlease upgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter\u00a0interface (port 8008)\nPlease upgrade to FortiProxy version 7.4.0 or above\n\nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.11 or above \nPlease upgrade to FortiNDR version 7.4.0 or above\n\nFortiNDR\nPlease upgrade to FortiNDR version 7.2.1 or above\nPlease upgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set https-redirect-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\nend\n\nFortiADC\nPlease upgrade to FortiADC version 7.1.0 or above\nPlease upgrade to FortiADC version 7.0.2 or above\nPlease upgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nFortiDDOS-F\nPlease upgrade to FortiDDoS-F version 6.4.0 or above\nPlease upgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\" \n\nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiVoice version 7.0.2 or above\nPlease upgrade to FortiVoice version 6.4.9 or above\nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiWLC version 8.6.7 or above \nPlease upgrade to FortiAuthenticator version 6.4.2 or above \nPlease upgrade to FortiAuthenticator version 6.3.4 or above \nPlease upgrade to FortiDDoS version 5.6.0 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiSOAR version 7.3.0 or above \nPlease upgrade to FortiTester version 7.3.0 or above \nPlease upgrade to FortiTester version 7.2.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-23439",
    "datePublished": "2025-01-22T09:10:28.669Z",
    "dateReserved": "2022-01-19T07:38:03.512Z",
    "dateUpdated": "2025-01-22T14:21:36.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48893 (GCVE-0-2024-48893)

Vulnerability from nvd – Published: 2025-01-14 14:08 – Updated: 2025-01-14 20:57
VLAI?
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.3.0 , ≤ 7.3.3 (semver)
Affected: 7.2.1 , ≤ 7.2.2 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:16:52.295434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T20:57:27.993Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:08:29.839Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-405",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-405"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.4.0 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-48893",
    "datePublished": "2025-01-14T14:08:29.839Z",
    "dateReserved": "2024-10-09T09:03:09.963Z",
    "dateUpdated": "2025-01-14T20:57:27.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48890 (GCVE-0-2024-48890)

Vulnerability from nvd – Published: 2025-01-14 14:09 – Updated: 2025-01-15 14:55
VLAI?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook
Severity ?
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:P/RL:X/RC:C
CWE
  • CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.5.0
    cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T14:54:48.634044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T14:55:00.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:50.944Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-415",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-415"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.5.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-48890",
    "datePublished": "2025-01-14T14:09:50.944Z",
    "dateReserved": "2024-10-09T09:03:09.962Z",
    "dateUpdated": "2025-01-15T14:55:00.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47572 (GCVE-0-2024-47572)

Vulnerability from nvd – Published: 2025-01-14 14:09 – Updated: 2025-02-18 21:36
VLAI?
Summary
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file
Severity ?
8.3 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE
  • CWE-1236 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.4.0 , ≤ 7.4.1 (semver)
Affected: 7.3.0 , ≤ 7.3.2 (semver)
Affected: 7.2.1 , ≤ 7.2.2 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47572",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T14:25:14.521485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T21:36:45.163Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:59.359Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-210",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-210"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.4.2 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-47572",
    "datePublished": "2025-01-14T14:09:59.359Z",
    "dateReserved": "2024-09-27T16:19:24.136Z",
    "dateUpdated": "2025-02-18T21:36:45.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36510 (GCVE-0-2024-36510)

Vulnerability from nvd – Published: 2025-01-14 14:09 – Updated: 2025-01-15 14:51
VLAI?
Summary
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.
Severity ?
4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiClientEMS Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Create a notification for this product.
    Fortinet FortiSOAR Affected: 7.5.0
Affected: 7.4.0 , ≤ 7.4.4 (semver)
Affected: 7.3.0 , ≤ 7.3.2 (semver)
Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36510",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T14:50:55.718822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T14:51:13.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientEMS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.5.0"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-204",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:49.286Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-071",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-071"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiClientEMS version 7.4.1 or above \nPlease upgrade to FortiClientEMS version 7.2.5 or above \nPlease upgrade to FortiSOAR version 7.6.0 or above \nPlease upgrade to FortiSOAR version 7.5.1 or above \nPlease upgrade to FortiSOAR version 7.4.5 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-36510",
    "datePublished": "2025-01-14T14:09:49.286Z",
    "dateReserved": "2024-05-29T08:44:50.760Z",
    "dateUpdated": "2025-01-15T14:51:13.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45327 (GCVE-0-2024-45327)

Vulnerability from nvd – Published: 2024-09-11 09:53 – Updated: 2024-09-12 03:55
VLAI?
Summary
An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.
Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
CWE
  • CWE-307 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.3.0 , ≤ 7.3.2 (semver)
Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T03:55:24.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T09:53:46.087Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-048",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-048"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.5.0 or above \nPlease upgrade to FortiSOAR version 7.4.4 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-45327",
    "datePublished": "2024-09-11T09:53:46.087Z",
    "dateReserved": "2024-08-27T06:43:07.250Z",
    "dateUpdated": "2024-09-12T03:55:24.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59810 (GCVE-0-2025-59810)

Vulnerability from cvelistv5 – Published: 2025-12-09 17:19 – Updated: 2025-12-09 20:42
VLAI?
Summary
An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests
Severity ?
6.2 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR on-premise Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSOAR PaaS Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59810",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T20:20:18.195341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T20:42:59.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR PaaS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:19:06.350Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to FortiSOAR PaaS version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-59810",
    "datePublished": "2025-12-09T17:19:06.350Z",
    "dateReserved": "2025-09-22T08:19:21.055Z",
    "dateUpdated": "2025-12-09T20:42:59.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59808 (GCVE-0-2025-59808)

Vulnerability from cvelistv5 – Published: 2025-12-09 17:19 – Updated: 2025-12-09 20:43
VLAI?
Summary
An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:H/RL:O/RC:C
CWE
  • CWE-620 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR on-premise Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSOAR PaaS Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59808",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T20:20:31.034553Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T20:43:08.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR PaaS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim\u0027s user account to reset the account credentials without being prompted for the account\u0027s password"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-620",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:19:06.347Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-599",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-599"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to FortiSOAR PaaS version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-59808",
    "datePublished": "2025-12-09T17:19:06.347Z",
    "dateReserved": "2025-09-22T08:19:21.055Z",
    "dateUpdated": "2025-12-09T20:43:08.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48891 (GCVE-0-2024-48891)

Vulnerability from cvelistv5 – Published: 2025-10-14 15:22 – Updated: 2025-10-21 03:55
VLAI?
Summary
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access (via another hypothetical vulnerability) to perform a local privilege escalation via crafted commands.
Severity ?
6.6 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
CWE
  • CWE-78 - Escalation of privilege
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR on-premise Affected: 7.6.0
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48891",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T03:55:26.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access (via another hypothetical vulnerability) to perform a local privilege escalation via crafted commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T15:22:30.906Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-412",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-412"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR on-premise version 7.6.2 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-48891",
    "datePublished": "2025-10-14T15:22:30.906Z",
    "dateReserved": "2024-10-09T09:03:09.962Z",
    "dateUpdated": "2025-10-21T03:55:26.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48892 (GCVE-0-2024-48892)

Vulnerability from cvelistv5 – Published: 2025-08-12 19:00 – Updated: 2025-08-13 20:13
VLAI?
Summary
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:X/RC:C
CWE
  • CWE-23 - Information disclosure
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.6.0
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T19:54:21.184423Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:13:21.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T19:00:07.291Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-421",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-421"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.6.1 or above \nPlease upgrade to FortiSOAR version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-48892",
    "datePublished": "2025-08-12T19:00:07.291Z",
    "dateReserved": "2024-10-09T09:03:09.962Z",
    "dateUpdated": "2025-08-13T20:13:21.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32932 (GCVE-0-2025-32932)

Vulnerability from cvelistv5 – Published: 2025-08-12 19:00 – Updated: 2025-08-13 20:13
VLAI?
Summary
An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests
Severity ?
6.2 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:U/RC:C
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.6.0 , ≤ 7.6.1 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T19:54:23.450724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:13:36.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.1",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T19:00:01.506Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-513",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-513"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.6.2 or above \nPlease upgrade to FortiSOAR version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-32932",
    "datePublished": "2025-08-12T19:00:01.506Z",
    "dateReserved": "2025-04-14T20:15:17.185Z",
    "dateUpdated": "2025-08-13T20:13:36.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21760 (GCVE-0-2024-21760)

Vulnerability from cvelistv5 – Published: 2025-03-18 13:56 – Updated: 2025-03-18 14:15
VLAI?
Summary
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet.
Severity ?
7.7 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:X/RC:X
CWE
  • CWE-94 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T14:14:53.853979Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T14:15:03.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper control of generation of code (\u0027Code Injection\u0027) vulnerability [CWE-94]\u00a0in\u00a0FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow\u00a0an authenticated attacker\u00a0to execute arbitrary code on the host via a playbook code snippet."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-18T13:56:44.525Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-420",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-420"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.5.0 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-21760",
    "datePublished": "2025-03-18T13:56:44.525Z",
    "dateReserved": "2024-01-02T10:15:00.527Z",
    "dateUpdated": "2025-03-18T14:15:03.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23439 (GCVE-0-2022-23439)

Vulnerability from cvelistv5 – Published: 2025-01-22 09:10 – Updated: 2025-01-22 14:21
VLAI?
Summary
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
Severity ?
4.1 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • CWE-610 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiTester Affected: 7.2.0 , ≤ 7.2.1 (semver)
Affected: 7.1.0 , ≤ 7.1.1 (semver)
Affected: 7.0.0
Affected: 4.2.0 , ≤ 4.2.1 (semver)
Affected: 4.1.0 , ≤ 4.1.1 (semver)
Affected: 4.0.0
Affected: 3.9.0 , ≤ 3.9.2 (semver)
Affected: 3.8.0
Affected: 3.7.0 , ≤ 3.7.1 (semver)
Affected: 3.6.0
Affected: 3.5.0 , ≤ 3.5.1 (semver)
Affected: 3.4.0
Affected: 3.3.0 , ≤ 3.3.1 (semver)
Create a notification for this product.
    Fortinet FortiOS Affected: 7.2.0
Affected: 7.0.0 , ≤ 7.0.5 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.16 (semver)
Affected: 6.0.0 , ≤ 6.0.18 (semver)
Affected: 6.4.0 , < 6.4.* (semver)
    cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiMail Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.2.0 , ≤ 6.2.9 (semver)
Affected: 6.0.0 , ≤ 6.0.12 (semver)
Affected: 5.4.0 , ≤ 5.4.12 (semver)
Affected: 7.2.0 , < 7.2.* (semver)
    cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSwitch Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 6.4.0 , ≤ 6.4.10 (semver)
Affected: 6.2.0 , ≤ 6.2.8 (semver)
Affected: 6.0.0 , ≤ 6.0.7 (semver)
    cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiDDoS-F Affected: 6.3.0 , ≤ 6.3.3 (semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver)
Affected: 6.1.0 , ≤ 6.1.5 (semver)
    cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiProxy Affected: 7.0.0 , ≤ 7.0.4 (semver)
Affected: 2.0.0 , ≤ 2.0.14 (semver)
Affected: 1.2.0 , ≤ 1.2.13 (semver)
Affected: 1.1.0 , ≤ 1.1.6 (semver)
Affected: 1.0.0 , ≤ 1.0.7 (semver)
Create a notification for this product.
    Fortinet FortiRecorder Affected: 6.4.0 , ≤ 6.4.2 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
Affected: 2.7.0 , ≤ 2.7.7 (semver)
Affected: 2.6.0 , ≤ 2.6.3 (semver)
    cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiNDR Affected: 7.2.0
Affected: 7.1.0
Affected: 7.0.0 , ≤ 7.0.6 (semver)
Affected: 1.5.0 , ≤ 1.5.3 (semver)
Affected: 1.4.0
Affected: 1.3.0 , ≤ 1.3.1 (semver)
Affected: 1.2.0
Affected: 1.1.0
Create a notification for this product.
    Fortinet FortiADC Affected: 7.0.0 , ≤ 7.0.1 (semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver)
Affected: 6.1.0 , ≤ 6.1.6 (semver)
Affected: 6.0.0 , ≤ 6.0.4 (semver)
Affected: 5.4.0 , ≤ 5.4.5 (semver)
Affected: 5.3.0 , ≤ 5.3.7 (semver)
Affected: 5.2.0 , ≤ 5.2.8 (semver)
Affected: 5.1.0 , ≤ 5.1.7 (semver)
Affected: 5.0.0 , ≤ 5.0.4 (semver)
    cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiSOAR Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiVoice Affected: 7.0.0 , ≤ 7.0.1 (semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver)
Affected: 6.0.0 , ≤ 6.0.11 (semver)
    cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiDDoS Affected: 5.5.0 , ≤ 5.5.1 (semver)
Affected: 5.4.0 , ≤ 5.4.3 (semver)
Affected: 5.3.0 , ≤ 5.3.2 (semver)
Affected: 5.2.0
Affected: 5.1.0
Affected: 5.0.0
Affected: 4.7.0
Affected: 4.6.0
Affected: 4.5.0
    cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiWLC Affected: 8.6.0 , ≤ 8.6.7 (semver)
Affected: 8.5.0 , ≤ 8.5.5 (semver)
Affected: 8.4.4 , ≤ 8.4.8 (semver)
Affected: 8.4.0 , ≤ 8.4.2 (semver)
    cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.2 (semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.0 , ≤ 6.4.15 (semver)
Affected: 6.2.0 , ≤ 6.2.13 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
    Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.9 (semver)
Create a notification for this product.
    Fortinet FortiAuthenticator Affected: 6.4.0 , ≤ 6.4.1 (semver)
Affected: 6.3.0 , ≤ 6.3.3 (semver)
Affected: 6.2.0 , ≤ 6.2.2 (semver)
Affected: 6.1.0 , ≤ 6.1.3 (semver)
Affected: 6.0.0 , ≤ 6.0.8 (semver)
Affected: 5.5.0
Affected: 5.4.0 , ≤ 5.4.1 (semver)
Affected: 5.3.0 , ≤ 5.3.1 (semver)
Affected: 5.2.0 , ≤ 5.2.2 (semver)
Affected: 5.1.0 , ≤ 5.1.2 (semver)
    cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-22T14:21:27.552014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-22T14:21:36.714Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiTester",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "4.2.1",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "lessThanOrEqual": "3.9.2",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.8.0"
            },
            {
              "lessThanOrEqual": "3.7.1",
              "status": "affected",
              "version": "3.7.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.6.0"
            },
            {
              "lessThanOrEqual": "3.5.1",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.16",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.4.*",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.12",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.2.*",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSwitch",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.8",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.7",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS-F",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.5",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.14",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.13",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.6",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.2",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.7.7",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.6.3",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiADC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.6",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.5",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.7",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.8",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.7",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.4",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.5.1",
              "status": "affected",
              "version": "5.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.3",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.2",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            },
            {
              "status": "affected",
              "version": "4.6.0"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiWLC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "8.6.7",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.5",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.2",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.9",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAuthenticator",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.2",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.3",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.8",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.5.0"
            },
            {
              "lessThanOrEqual": "5.4.1",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.1",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.2",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.2",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-22T09:10:28.669Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-21-254",
          "url": "https://fortiguard.com/psirt/FG-IR-21-254"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "FortiOS\nAdministrative Interface\nPlease upgrade to FortiOS version 7.0.6 and above,\nPlease upgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nPlease upgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter\u00a0interface (port 8008)\nPlease upgrade to FortiProxy version 7.4.0 or above\n\nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.11 or above \nPlease upgrade to FortiNDR version 7.4.0 or above\n\nFortiNDR\nPlease upgrade to FortiNDR version 7.2.1 or above\nPlease upgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set https-redirect-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\nend\n\nFortiADC\nPlease upgrade to FortiADC version 7.1.0 or above\nPlease upgrade to FortiADC version 7.0.2 or above\nPlease upgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nFortiDDOS-F\nPlease upgrade to FortiDDoS-F version 6.4.0 or above\nPlease upgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\" \n\nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiVoice version 7.0.2 or above\nPlease upgrade to FortiVoice version 6.4.9 or above\nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiWLC version 8.6.7 or above \nPlease upgrade to FortiAuthenticator version 6.4.2 or above \nPlease upgrade to FortiAuthenticator version 6.3.4 or above \nPlease upgrade to FortiDDoS version 5.6.0 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiSOAR version 7.3.0 or above \nPlease upgrade to FortiTester version 7.3.0 or above \nPlease upgrade to FortiTester version 7.2.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-23439",
    "datePublished": "2025-01-22T09:10:28.669Z",
    "dateReserved": "2022-01-19T07:38:03.512Z",
    "dateUpdated": "2025-01-22T14:21:36.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47572 (GCVE-0-2024-47572)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-02-18 21:36
VLAI?
Summary
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file
Severity ?
8.3 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE
  • CWE-1236 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.4.0 , ≤ 7.4.1 (semver)
Affected: 7.3.0 , ≤ 7.3.2 (semver)
Affected: 7.2.1 , ≤ 7.2.2 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47572",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T14:25:14.521485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T21:36:45.163Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:59.359Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-210",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-210"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.4.2 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-47572",
    "datePublished": "2025-01-14T14:09:59.359Z",
    "dateReserved": "2024-09-27T16:19:24.136Z",
    "dateUpdated": "2025-02-18T21:36:45.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48890 (GCVE-0-2024-48890)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-01-15 14:55
VLAI?
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook
Severity ?
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:P/RL:X/RC:C
CWE
  • CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.5.0
    cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T14:54:48.634044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T14:55:00.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:50.944Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-415",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-415"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.5.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-48890",
    "datePublished": "2025-01-14T14:09:50.944Z",
    "dateReserved": "2024-10-09T09:03:09.962Z",
    "dateUpdated": "2025-01-15T14:55:00.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36510 (GCVE-0-2024-36510)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-01-15 14:51
VLAI?
Summary
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.
Severity ?
4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiClientEMS Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Create a notification for this product.
    Fortinet FortiSOAR Affected: 7.5.0
Affected: 7.4.0 , ≤ 7.4.4 (semver)
Affected: 7.3.0 , ≤ 7.3.2 (semver)
Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
Affected: 6.4.3 , ≤ 6.4.4 (semver)
Affected: 6.4.0 , ≤ 6.4.1 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36510",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T14:50:55.718822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T14:51:13.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientEMS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.5.0"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-204",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:49.286Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-071",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-071"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiClientEMS version 7.4.1 or above \nPlease upgrade to FortiClientEMS version 7.2.5 or above \nPlease upgrade to FortiSOAR version 7.6.0 or above \nPlease upgrade to FortiSOAR version 7.5.1 or above \nPlease upgrade to FortiSOAR version 7.4.5 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-36510",
    "datePublished": "2025-01-14T14:09:49.286Z",
    "dateReserved": "2024-05-29T08:44:50.760Z",
    "dateUpdated": "2025-01-15T14:51:13.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48893 (GCVE-0-2024-48893)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:08 – Updated: 2025-01-14 20:57
VLAI?
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
CWE
  • CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.3.0 , ≤ 7.3.3 (semver)
Affected: 7.2.1 , ≤ 7.2.2 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:16:52.295434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T20:57:27.993Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:08:29.839Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-405",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-405"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.4.0 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-48893",
    "datePublished": "2025-01-14T14:08:29.839Z",
    "dateReserved": "2024-10-09T09:03:09.963Z",
    "dateUpdated": "2025-01-14T20:57:27.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45327 (GCVE-0-2024-45327)

Vulnerability from cvelistv5 – Published: 2024-09-11 09:53 – Updated: 2024-09-12 03:55
VLAI?
Summary
An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.
Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
CWE
  • CWE-307 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR Affected: 7.4.0 , ≤ 7.4.3 (semver)
Affected: 7.3.0 , ≤ 7.3.2 (semver)
Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver)
    cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T03:55:24.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T09:53:46.087Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-048",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-048"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiSOAR version 7.5.0 or above \nPlease upgrade to FortiSOAR version 7.4.4 or above \nPlease upgrade to FortiSOAR version 7.3.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-45327",
    "datePublished": "2024-09-11T09:53:46.087Z",
    "dateReserved": "2024-08-27T06:43:07.250Z",
    "dateUpdated": "2024-09-12T03:55:24.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

VAR-202402-1155

Vulnerability from variot - Updated: 2025-02-22 23:38

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the Host header points to an arbitrary webserver. FortiADC , FortiAuthenticator , FortiDDoS Several Fortinet products, including the above, contain vulnerabilities that allow externally controlled access to resources in other areas.Information may be obtained and information may be tampered with

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202402-1155",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiddos-f",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.1.0"
      },
      {
        "model": "fortiwlc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.6.0"
      },
      {
        "model": "fortiswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.5"
      },
      {
        "model": "fortimail",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.4"
      },
      {
        "model": "fortisoar",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.3.0"
      },
      {
        "model": "fortirecorder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortirecorder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortiauthenticator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.2"
      },
      {
        "model": "fortiauthenticator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortindr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortiswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortiauthenticator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.3.0"
      },
      {
        "model": "fortiddos-f",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.3.4"
      },
      {
        "model": "fortimail",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortiproxy",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortirecorder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortiproxy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.4.0"
      },
      {
        "model": "fortiauthenticator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.3.4"
      },
      {
        "model": "fortitester",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.2"
      },
      {
        "model": "fortindr",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.1.1"
      },
      {
        "model": "fortivoice",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.9"
      },
      {
        "model": "fortivoice",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.5"
      },
      {
        "model": "fortindr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "1.4.0"
      },
      {
        "model": "fortiadc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.4"
      },
      {
        "model": "fortirecorder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.3"
      },
      {
        "model": "fortiproxy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.5"
      },
      {
        "model": "fortiwlc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "8.6.7"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortiadc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.6"
      },
      {
        "model": "fortisoar",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortitester",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.7.0"
      },
      {
        "model": "fortiproxy",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "2.0.0"
      },
      {
        "model": "fortiddos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.3.0"
      },
      {
        "model": "fortiddos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.5.2"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortisoar",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiwlc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortivoice",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimail",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiadc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.0  that\u0027s all  7.0.5"
      },
      {
        "model": "fortiauthenticator",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortindr",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiddos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiddos-f",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiproxy",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortitester",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortirecorder",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23439"
      }
    ]
  },
  "cve": "CVE-2022-23439",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.6,
            "id": "CVE-2022-23439",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-23439",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-23439",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-23439",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-23439",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-23439",
            "trust": 0.8,
            "value": "Medium"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23439"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23439"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver. FortiADC , FortiAuthenticator , FortiDDoS Several Fortinet products, including the above, contain vulnerabilities that allow externally controlled access to resources in other areas.Information may be obtained and information may be tampered with",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-23439"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-23439",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-025638",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23439",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-23439"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23439"
      }
    ]
  },
  "id": "VAR-202402-1155",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.42976094
  },
  "last_update_date": "2025-02-22T23:38:28.822000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-23439"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-610",
        "trust": 1.0
      },
      {
        "problemtype": "Externally controllable reference to another region resource (CWE-610) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23439"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://fortiguard.com/psirt/fg-ir-21-254"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23439"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-23439"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23439"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-23439"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23439"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-02-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      },
      {
        "date": "2025-01-22T10:15:07.737000",
        "db": "NVD",
        "id": "CVE-2022-23439"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-02-18T08:41:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      },
      {
        "date": "2025-02-12T13:39:42.107000",
        "db": "NVD",
        "id": "CVE-2022-23439"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Fortinet products are vulnerable to externally controlled access to resources in other domains",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-025638"
      }
    ],
    "trust": 0.8
  }
}

VAR-202205-0501

Vulnerability from variot - Updated: 2024-11-23 23:07

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. Fortinet FortiSOAR Exists in unspecified vulnerabilities.Information may be obtained. FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet, USA

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0501",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortisoar",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortisoar",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.4"
      },
      {
        "model": "fortisoar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortisoar",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortisoar",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortisoar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.2.0"
      },
      {
        "model": "fortisoar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23443"
      }
    ]
  },
  "cve": "CVE-2022-23443",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-23443",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-412578",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-23443",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-010448",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-23443",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-23443",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-23443",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-2038",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-412578",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-23443",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-412578"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23443"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23443"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23443"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. Fortinet FortiSOAR Exists in unspecified vulnerabilities.Information may be obtained. FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet, USA",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-23443"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "db": "VULHUB",
        "id": "VHN-412578"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23443"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-23443",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2022050321",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2038",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-50949",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-412578",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23443",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-412578"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23443"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23443"
      }
    ]
  },
  "id": "VAR-202205-0501",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-412578"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:07:25.073000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-22-041",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/FG-IR-22-041"
      },
      {
        "title": "Fortinet FortiSOAR Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192819"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-23443"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2038"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-863",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-412578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23443"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/psirt/fg-ir-22-041"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23443"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022050321"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-23443/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-412578"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23443"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23443"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-412578"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23443"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23443"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-412578"
      },
      {
        "date": "2022-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-23443"
      },
      {
        "date": "2023-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "date": "2022-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-2038"
      },
      {
        "date": "2022-05-04T16:15:08.587000",
        "db": "NVD",
        "id": "CVE-2022-23443"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-412578"
      },
      {
        "date": "2023-08-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-23443"
      },
      {
        "date": "2023-08-15T06:46:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      },
      {
        "date": "2022-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-2038"
      },
      {
        "date": "2024-11-21T06:48:34.093000",
        "db": "NVD",
        "id": "CVE-2022-23443"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2038"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet\u00a0FortiSOAR\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010448"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2038"
      }
    ],
    "trust": 0.6
  }
}