Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for fortiextender_firmware by fortinet

    CVE-2025-64153 (GCVE-0-2025-64153)

    Vulnerability from nvd – Published: 2025-12-09 17:18 – Updated: 2026-01-14 09:17
    VLAI
    Summary
    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.5 (semver)
        cpe:2.3:a:fortinet:fortiextender:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64153",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T20:21:16.823596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T20:43:33.205Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiextender:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:17:27.371Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-739",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-739"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiExtender version 7.6.4 or above\nUpgrade to FortiExtender version 7.4.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-64153",
        "datePublished": "2025-12-09T17:18:45.909Z",
        "dateReserved": "2025-10-28T12:26:50.749Z",
        "dateUpdated": "2026-01-14T09:17:27.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-46776 (GCVE-0-2025-46776)

    Vulnerability from nvd – Published: 2025-11-18 17:01 – Updated: 2026-01-14 09:17
    VLAI
    Summary
    A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.5 (semver)
        cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T18:33:55.201822Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T18:34:05.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:17:05.351Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-251",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-251"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiExtender version 7.6.3 or above\nUpgrade to FortiExtender version 7.4.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-46776",
        "datePublished": "2025-11-18T17:01:17.437Z",
        "dateReserved": "2025-04-29T08:42:13.449Z",
        "dateUpdated": "2026-01-14T09:17:05.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-46775 (GCVE-0-2025-46775)

    Vulnerability from nvd – Published: 2025-11-18 17:01 – Updated: 2026-01-14 09:15
    VLAI
    Summary
    A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.5 (semver)
        cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T18:33:30.741688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T18:33:37.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:15:50.464Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiExtender version 7.6.3 or above\nUpgrade to FortiExtender version 7.4.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-46775",
        "datePublished": "2025-11-18T17:01:17.364Z",
        "dateReserved": "2025-04-29T08:42:13.449Z",
        "dateUpdated": "2026-01-14T09:15:50.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23663 (GCVE-0-2024-23663)

    Vulnerability from nvd – Published: 2024-07-09 15:33 – Updated: 2024-08-01 23:06
    VLAI
    Summary
    An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Create a notification for this product.
    fortinet fortiextender Affected: 7.4.0 , < 7.4.2 (custom)
    Affected: 7.2.0 , < 7.2.4 (custom)
    Affected: 7.0.0 , < 7.0.4 (custom)
        cpe:2.3:h:fortinet:fortiextender:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:fortinet:fortiextender:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortiextender",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThan": "7.4.2",
                    "status": "affected",
                    "version": "7.4.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.0.4",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T17:43:01.015107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T17:44:51.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:06:25.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-459",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-459"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T15:33:31.512Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-459",
              "url": "https://fortiguard.com/psirt/FG-IR-23-459"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiExtender version 7.4.3 or above \nPlease upgrade to FortiExtender version 7.2.5 or above \nPlease upgrade to FortiExtender version 7.0.5 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-23663",
        "datePublished": "2024-07-09T15:33:31.512Z",
        "dateReserved": "2024-01-19T08:23:28.612Z",
        "dateUpdated": "2024-08-01T23:06:25.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23447 (GCVE-0-2022-23447)

    Vulnerability from nvd – Published: 2023-07-11 16:52 – Updated: 2024-10-23 14:25
    VLAI
    Summary
    An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.0.0 , ≤ 7.0.3 (semver)
    Affected: 5.3.2
    Affected: 4.2.0 , ≤ 4.2.4 (semver)
    Affected: 4.1.1 , ≤ 4.1.8 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Affected: 3.3.0 , ≤ 3.3.2 (semver)
    Affected: 3.2.1 , ≤ 3.2.3 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:46.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-039",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-039"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:15:33.419696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:25:28.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "lessThanOrEqual": "4.2.4",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.1.8",
                  "status": "affected",
                  "version": "4.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.3.2",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.2.3",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] in FortiExtender management interface  7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve\u00a0arbitrary files from the underlying filesystem via specially crafted web requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T16:52:42.353Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-039",
              "url": "https://fortiguard.com/psirt/FG-IR-22-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiExtender version 7.2.0 or above Please upgrade to FortiExtender version 7.0.4 or above Please upgrade to FortiExtender version 4.2.5 or above Please upgrade to FortiExtender version 4.1.9 or above Please upgrade to FortiExtender version 4.0.3 or above Please upgrade to FortiExtender version 3.3.3 or above Please upgrade to FortiExtender version 3.2.4 or above "
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2022-23447",
        "datePublished": "2023-07-11T16:52:42.353Z",
        "dateReserved": "2022-01-19T07:38:03.514Z",
        "dateUpdated": "2024-10-23T14:25:28.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27489 (GCVE-0-2022-27489)

    Vulnerability from nvd – Published: 2023-02-16 18:06 – Updated: 2024-10-23 14:46
    VLAI
    Summary
    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.0.0 , ≤ 7.0.3 (semver)
    Affected: 5.3.2
    Affected: 4.2.0 , ≤ 4.2.4 (semver)
    Affected: 4.1.1 , ≤ 4.1.8 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Affected: 3.3.0 , ≤ 3.3.2 (semver)
    Affected: 3.2.1 , ≤ 3.2.3 (semver)
    Affected: 3.1.0 , ≤ 3.1.2 (semver)
    Affected: 3.0.0 , ≤ 3.0.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:57.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-048",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-048"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:11:42.419938Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:46:25.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "lessThanOrEqual": "4.2.4",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.1.8",
                  "status": "affected",
                  "version": "4.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.3.2",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.2.3",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.1.2",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.0.2",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-16T18:06:40.150Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-048",
              "url": "https://fortiguard.com/psirt/FG-IR-22-048"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiExtender version 7.2.0 and above\r\nUpgrade to FortiExtender version 7.0.4 and above\r\nUpgrade to FortiExtender upcoming version 4.2.5 and above\r\nUpgrade to FortiExtender upcoming version 4.1.9 and above\r\nUpgrade to FortiExtender upcoming version 4.0.3 and above\r\nUpgrade to FortiExtender version 3.3.3 and above\r\nUpgrade to FortiExtender version 3.2.4 and above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2022-27489",
        "datePublished": "2023-02-16T18:06:40.150Z",
        "dateReserved": "2022-03-21T16:03:48.575Z",
        "dateUpdated": "2024-10-23T14:46:25.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41016 (GCVE-0-2021-41016)

    Vulnerability from nvd – Published: 2022-02-02 10:58 – Updated: 2024-10-25 13:36
    VLAI
    Summary
    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://fortiguard.com/advisory/FG-IR-21-148 x_refsource_CONFIRM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:59:31.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-21-148"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:12:59.113972Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:36:06.405Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 7.4,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-02T10:58:37.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-21-148"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2021-41016",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "availabilityImpact": "High",
                "baseScore": 7.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "userInteraction": "None",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-21-148",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-21-148"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2021-41016",
        "datePublished": "2022-02-02T10:58:37.000Z",
        "dateReserved": "2021-09-13T00:00:00.000Z",
        "dateUpdated": "2024-10-25T13:36:06.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-64153 (GCVE-0-2025-64153)

    Vulnerability from cvelistv5 – Published: 2025-12-09 17:18 – Updated: 2026-01-14 09:17
    VLAI
    Summary
    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.5 (semver)
        cpe:2.3:a:fortinet:fortiextender:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64153",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T20:21:16.823596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T20:43:33.205Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiextender:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:17:27.371Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-739",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-739"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiExtender version 7.6.4 or above\nUpgrade to FortiExtender version 7.4.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-64153",
        "datePublished": "2025-12-09T17:18:45.909Z",
        "dateReserved": "2025-10-28T12:26:50.749Z",
        "dateUpdated": "2026-01-14T09:17:27.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-46776 (GCVE-0-2025-46776)

    Vulnerability from cvelistv5 – Published: 2025-11-18 17:01 – Updated: 2026-01-14 09:17
    VLAI
    Summary
    A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.5 (semver)
        cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T18:33:55.201822Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T18:34:05.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:17:05.351Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-251",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-251"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiExtender version 7.6.3 or above\nUpgrade to FortiExtender version 7.4.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-46776",
        "datePublished": "2025-11-18T17:01:17.437Z",
        "dateReserved": "2025-04-29T08:42:13.449Z",
        "dateUpdated": "2026-01-14T09:17:05.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-46775 (GCVE-0-2025-46775)

    Vulnerability from cvelistv5 – Published: 2025-11-18 17:01 – Updated: 2026-01-14 09:15
    VLAI
    Summary
    A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.5 (semver)
        cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T18:33:30.741688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T18:33:37.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:15:50.464Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiExtender version 7.6.3 or above\nUpgrade to FortiExtender version 7.4.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-46775",
        "datePublished": "2025-11-18T17:01:17.364Z",
        "dateReserved": "2025-04-29T08:42:13.449Z",
        "dateUpdated": "2026-01-14T09:15:50.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23663 (GCVE-0-2024-23663)

    Vulnerability from cvelistv5 – Published: 2024-07-09 15:33 – Updated: 2024-08-01 23:06
    VLAI
    Summary
    An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Create a notification for this product.
    fortinet fortiextender Affected: 7.4.0 , < 7.4.2 (custom)
    Affected: 7.2.0 , < 7.2.4 (custom)
    Affected: 7.0.0 , < 7.0.4 (custom)
        cpe:2.3:h:fortinet:fortiextender:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:fortinet:fortiextender:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fortiextender",
                "vendor": "fortinet",
                "versions": [
                  {
                    "lessThan": "7.4.2",
                    "status": "affected",
                    "version": "7.4.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.0.4",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T17:43:01.015107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T17:44:51.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:06:25.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-23-459",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-23-459"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T15:33:31.512Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-459",
              "url": "https://fortiguard.com/psirt/FG-IR-23-459"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiExtender version 7.4.3 or above \nPlease upgrade to FortiExtender version 7.2.5 or above \nPlease upgrade to FortiExtender version 7.0.5 or above \n"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-23663",
        "datePublished": "2024-07-09T15:33:31.512Z",
        "dateReserved": "2024-01-19T08:23:28.612Z",
        "dateUpdated": "2024-08-01T23:06:25.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23447 (GCVE-0-2022-23447)

    Vulnerability from cvelistv5 – Published: 2023-07-11 16:52 – Updated: 2024-10-23 14:25
    VLAI
    Summary
    An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.0.0 , ≤ 7.0.3 (semver)
    Affected: 5.3.2
    Affected: 4.2.0 , ≤ 4.2.4 (semver)
    Affected: 4.1.1 , ≤ 4.1.8 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Affected: 3.3.0 , ≤ 3.3.2 (semver)
    Affected: 3.2.1 , ≤ 3.2.3 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:46.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-039",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-039"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:15:33.419696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:25:28.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "lessThanOrEqual": "4.2.4",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.1.8",
                  "status": "affected",
                  "version": "4.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.3.2",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.2.3",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] in FortiExtender management interface  7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve\u00a0arbitrary files from the underlying filesystem via specially crafted web requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T16:52:42.353Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-039",
              "url": "https://fortiguard.com/psirt/FG-IR-22-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiExtender version 7.2.0 or above Please upgrade to FortiExtender version 7.0.4 or above Please upgrade to FortiExtender version 4.2.5 or above Please upgrade to FortiExtender version 4.1.9 or above Please upgrade to FortiExtender version 4.0.3 or above Please upgrade to FortiExtender version 3.3.3 or above Please upgrade to FortiExtender version 3.2.4 or above "
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2022-23447",
        "datePublished": "2023-07-11T16:52:42.353Z",
        "dateReserved": "2022-01-19T07:38:03.514Z",
        "dateUpdated": "2024-10-23T14:25:28.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27489 (GCVE-0-2022-27489)

    Vulnerability from cvelistv5 – Published: 2023-02-16 18:06 – Updated: 2024-10-23 14:46
    VLAI
    Summary
    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiExtender Affected: 7.0.0 , ≤ 7.0.3 (semver)
    Affected: 5.3.2
    Affected: 4.2.0 , ≤ 4.2.4 (semver)
    Affected: 4.1.1 , ≤ 4.1.8 (semver)
    Affected: 4.0.0 , ≤ 4.0.2 (semver)
    Affected: 3.3.0 , ≤ 3.3.2 (semver)
    Affected: 3.2.1 , ≤ 3.2.3 (semver)
    Affected: 3.1.0 , ≤ 3.1.2 (semver)
    Affected: 3.0.0 , ≤ 3.0.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:57.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://fortiguard.com/psirt/FG-IR-22-048",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/psirt/FG-IR-22-048"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:11:42.419938Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T14:46:25.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiExtender",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "lessThanOrEqual": "4.2.4",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.1.8",
                  "status": "affected",
                  "version": "4.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.0.2",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.3.2",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.2.3",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.1.2",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "3.0.2",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-16T18:06:40.150Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-048",
              "url": "https://fortiguard.com/psirt/FG-IR-22-048"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiExtender version 7.2.0 and above\r\nUpgrade to FortiExtender version 7.0.4 and above\r\nUpgrade to FortiExtender upcoming version 4.2.5 and above\r\nUpgrade to FortiExtender upcoming version 4.1.9 and above\r\nUpgrade to FortiExtender upcoming version 4.0.3 and above\r\nUpgrade to FortiExtender version 3.3.3 and above\r\nUpgrade to FortiExtender version 3.2.4 and above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2022-27489",
        "datePublished": "2023-02-16T18:06:40.150Z",
        "dateReserved": "2022-03-21T16:03:48.575Z",
        "dateUpdated": "2024-10-23T14:46:25.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41016 (GCVE-0-2021-41016)

    Vulnerability from cvelistv5 – Published: 2022-02-02 10:58 – Updated: 2024-10-25 13:36
    VLAI
    Summary
    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://fortiguard.com/advisory/FG-IR-21-148 x_refsource_CONFIRM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:59:31.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://fortiguard.com/advisory/FG-IR-21-148"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T14:12:59.113972Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:36:06.405Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 7.4,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-02T10:58:37.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-21-148"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2021-41016",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A improper neutralization of special elements used in a command (\u0027command injection\u0027) in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "availabilityImpact": "High",
                "baseScore": 7.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "userInteraction": "None",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fortiguard.com/advisory/FG-IR-21-148",
                  "refsource": "CONFIRM",
                  "url": "https://fortiguard.com/advisory/FG-IR-21-148"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2021-41016",
        "datePublished": "2022-02-02T10:58:37.000Z",
        "dateReserved": "2021-09-13T00:00:00.000Z",
        "dateUpdated": "2024-10-25T13:36:06.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }