Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for fortianalyzer-bigdata by fortinet

    CVE-2025-49784 (GCVE-0-2025-49784)

    Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    VLAI
    Summary
    An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAnalyzer-BigData Affected: 7.6.0
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.6.0 , ≤ 7.6.3 (semver)
        cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:55.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer-BigData",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:T/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:16.287Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-095",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-095"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAnalyzer-BigData version 7.6.1 or above\nUpgrade to FortiAnalyzer-BigData version 7.4.5 or above\nUpgrade to upcoming  FortiAnalyzer version 8.0.0 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-49784",
        "datePublished": "2026-03-10T16:44:16.287Z",
        "dateReserved": "2025-06-10T09:25:14.083Z",
        "dateUpdated": "2026-03-11T03:56:55.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-41842 (GCVE-0-2023-41842)

    Vulnerability from nvd – Published: 2024-03-12 15:09 – Updated: 2026-01-14 13:46
    VLAI
    Summary
    A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.14 (semver)
    Affected: 5.3.0 , ≤ 5.3.8 (semver)
        cpe:2.3:a:fortinet:fortiportal:6.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAnalyzer-BigData Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.1 , ≤ 7.0.6 (semver)
    Affected: 6.4.5 , ≤ 6.4.7 (semver)
    Affected: 6.2.5
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.2.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
    Affected: 6.2.0 , ≤ 6.2.13 (semver)
        cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
    Affected: 6.2.0 , ≤ 6.2.13 (semver)
        cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet fortimanager Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.14 (semver)
    Affected: 6.2.0 , ≤ 6.2.12 (semver)
        cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet fortianalyzer Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 6.4.0 , ≤ 6.4.14 (semver)
    Affected: 6.2.0 , ≤ 6.2.12 (semver)
        cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet fortiportal Affected: 6.0.0 , ≤ 6.0.14 (semver)
    Affected: 5.3.0 , ≤ 5.3.8 (semver)
        cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-304",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-304"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fortimanager",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.4.1",
                    "status": "affected",
                    "version": "7.4.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "7.2.3",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "7.0.9",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.4.14",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.2.12",
                    "status": "affected",
                    "version": "6.2.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fortianalyzer",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.4.1",
                    "status": "affected",
                    "version": "7.4.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "7.2.3",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.4.14",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.2.12",
                    "status": "affected",
                    "version": "6.2.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fortiportal",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "6.0.14",
                    "status": "affected",
                    "version": "6.0.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "5.3.8",
                    "status": "affected",
                    "version": "5.3.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-22T14:15:41.817688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T18:09:17.558Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiportal:6.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPortal",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.14",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.8",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.2.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer-BigData",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.7",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.13",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.13",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet  allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T13:46:06.714Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-304",
              "url": "https://fortiguard.com/psirt/FG-IR-23-304"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiPortal version 6.0.15 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.0 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.10 or above \n\nPlease upgrade to FortiAnalyzer version 7.4.2 or above\nPlease upgrade to FortiAnalyzer version 7.2.4 or above\nPlease upgrade to FortiAnalyzer version 7.0.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-41842",
        "datePublished": "2024-03-12T15:09:16.279Z",
        "dateReserved": "2023-09-04T08:12:52.814Z",
        "dateUpdated": "2026-01-14T13:46:06.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49784 (GCVE-0-2025-49784)

    Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    VLAI
    Summary
    An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAnalyzer-BigData Affected: 7.6.0
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.6.0 , ≤ 7.6.3 (semver)
        cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:55.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer-BigData",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:T/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:16.287Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-095",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-095"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAnalyzer-BigData version 7.6.1 or above\nUpgrade to FortiAnalyzer-BigData version 7.4.5 or above\nUpgrade to upcoming  FortiAnalyzer version 8.0.0 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-49784",
        "datePublished": "2026-03-10T16:44:16.287Z",
        "dateReserved": "2025-06-10T09:25:14.083Z",
        "dateUpdated": "2026-03-11T03:56:55.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-41842 (GCVE-0-2023-41842)

    Vulnerability from cvelistv5 – Published: 2024-03-12 15:09 – Updated: 2026-01-14 13:46
    VLAI
    Summary
    A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPortal Affected: 6.0.0 , ≤ 6.0.14 (semver)
    Affected: 5.3.0 , ≤ 5.3.8 (semver)
        cpe:2.3:a:fortinet:fortiportal:6.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:5.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAnalyzer-BigData Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.1 , ≤ 7.0.6 (semver)
    Affected: 6.4.5 , ≤ 6.4.7 (semver)
    Affected: 6.2.5
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.2.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
    Affected: 6.2.0 , ≤ 6.2.13 (semver)
        cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
    Affected: 6.2.0 , ≤ 6.2.13 (semver)
        cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet fortimanager Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.14 (semver)
    Affected: 6.2.0 , ≤ 6.2.12 (semver)
        cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet fortianalyzer Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 6.4.0 , ≤ 6.4.14 (semver)
    Affected: 6.2.0 , ≤ 6.2.12 (semver)
        cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fortinet fortiportal Affected: 6.0.0 , ≤ 6.0.14 (semver)
    Affected: 5.3.0 , ≤ 5.3.8 (semver)
        cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-304",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-304"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fortimanager",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.4.1",
                    "status": "affected",
                    "version": "7.4.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "7.2.3",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "7.0.9",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.4.14",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.2.12",
                    "status": "affected",
                    "version": "6.2.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fortianalyzer",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "7.4.1",
                    "status": "affected",
                    "version": "7.4.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "7.2.3",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.4.14",
                    "status": "affected",
                    "version": "6.4.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "6.2.12",
                    "status": "affected",
                    "version": "6.2.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "fortiportal",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThanOrEqual": "6.0.14",
                    "status": "affected",
                    "version": "6.0.0",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "5.3.8",
                    "status": "affected",
                    "version": "5.3.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-22T14:15:41.817688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T18:09:17.558Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiportal:6.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:5.3.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPortal",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.14",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.8",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzer-bigdata:6.2.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer-BigData",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.7",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.13",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.13",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet  allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T13:46:06.714Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-304",
              "url": "https://fortiguard.com/psirt/FG-IR-23-304"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiPortal version 6.0.15 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.0 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.10 or above \n\nPlease upgrade to FortiAnalyzer version 7.4.2 or above\nPlease upgrade to FortiAnalyzer version 7.2.4 or above\nPlease upgrade to FortiAnalyzer version 7.0.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-41842",
        "datePublished": "2024-03-12T15:09:16.279Z",
        "dateReserved": "2023-09-04T08:12:52.814Z",
        "dateUpdated": "2026-01-14T13:46:06.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }