Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CERTFR-2025-AVI-1023

Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Fortinet indique que la vulnérabilité CVE-2025-58034 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.8
Fortinet	FortiOS	FortiOS versions antérieures à 7.6.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.3
Fortinet	N/A	FortiExtender versions antérieures à 7.4.8
Fortinet	FortiSASE	FortiSASE versions antérieures à 25.3.c
Fortinet	FortiClient	FortiClientWindows versions antérieures à 7.2.11
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.4
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.8
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.2
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.6 (à venir)
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.6.1
Fortinet	FortiADC	FortiADC versions 7.6.x antérieures à 7.6.4
Fortinet	FortiWeb	FortiWeb versions 8.0.x antérieures à 8.0.2
Fortinet	FortiADC	FortiADC versions 8.0.x antérieures à 8.0.1
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.6.4
Fortinet	N/A	FortiExtender versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSandbox	FortiSandbox versions à 4.4.8
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.6

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-259	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-125	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-112	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-358	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-686	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-513	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-789	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-632	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-501	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-545	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-634	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-736	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-844	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-251	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-666	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-843	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-225	2025-11-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSASE versions ant\u00e9rieures \u00e0 25.3.c",
      "product": {
        "name": "FortiSASE",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.6 (\u00e0 venir)",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.6.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 8.0.x ant\u00e9rieures \u00e0 8.0.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions \u00e0 4.4.8",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-46215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46215"
    },
    {
      "name": "CVE-2025-58412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58412"
    },
    {
      "name": "CVE-2025-54821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54821"
    },
    {
      "name": "CVE-2025-46776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46776"
    },
    {
      "name": "CVE-2025-46775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46775"
    },
    {
      "name": "CVE-2025-59669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59669"
    },
    {
      "name": "CVE-2025-54660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54660"
    },
    {
      "name": "CVE-2025-47761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47761"
    },
    {
      "name": "CVE-2025-48839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48839"
    },
    {
      "name": "CVE-2025-53843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53843"
    },
    {
      "name": "CVE-2025-61713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61713"
    },
    {
      "name": "CVE-2025-54971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54971"
    },
    {
      "name": "CVE-2025-58692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58692"
    },
    {
      "name": "CVE-2025-54972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54972"
    },
    {
      "name": "CVE-2025-58413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58413"
    },
    {
      "name": "CVE-2025-58034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58034"
    },
    {
      "name": "CVE-2025-46373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46373"
    }
  ],
  "initial_release_date": "2025-11-19T00:00:00",
  "last_revision_date": "2025-11-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1023",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-58034 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-259",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-259"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-125",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-125"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-112",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-112"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-358",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-358"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-686",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-686"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-513",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-513"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-789",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-789"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-632",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-632"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-501",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-501"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-545",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-545"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-634",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-634"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-736",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-736"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-844",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-844"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-251",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-251"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-666",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-666"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-843",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-843"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-225",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-225"
    }
  ]
}

CERTFR-2025-AVI-0871

Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiDLP	FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x
Fortinet	FortiADC	FortiADC toutes versions 6.2.x et 7.0.x
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet	FortiTester	FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 6.0.7 à 6.0.12
Fortinet	FortiClient	FortiClientMac toutes versions 7.0.x
Fortinet	FortiSOAR	FortiSOAR on-premise toutes versions 7.3.x et 7.4.x
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.3
Fortinet	FortiPAM	FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x
Fortinet	FortiSRA	FortiSRA versions 1.5.x antérieures à 1.5.1
Fortinet	FortiWeb	FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x
Fortinet	FortiDLP	FortiDLP versions 12.2.x et antérieures à 12.2.3
Fortinet	FortiManager	FortiManager Cloud versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2
Fortinet	FortiNDR	FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.7
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.12
Fortinet	FortiManager	FortiManager Cloud toutes versions 6.4.x
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet	FortiSIEM	FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.7
Fortinet	FortiSRA	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.0.x antérieures à 7.0.5
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.4
Fortinet	FortiClient	FortiClientWindows toutes versions 7.0.x
Fortinet	FortiIsolator	FortiIsolator versions 2.4.x antérieures à 2.4.5
Fortinet	FortiTester	FortiTester version 7.4 antérieures à 7.4.3
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.10
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet	FortiOS	FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x
Fortinet	FortiIsolator	FortiIsolator toutes versions 2.3.x
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.5
Fortinet	FortiProxy	FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud toutes versions 6.4.x
Fortinet	FortiAnalyzer	FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.14
Fortinet	FortiManager	FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.9
Fortinet	FortiSwitch	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet	FortiClient	FortiClientMac versions 7.2.x antérieures à 7.2.12
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-372	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-412	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-228	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-280	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-685	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-452	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-487	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-639	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-037	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-684	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-354	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-041	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-198	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-160	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-361	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-861	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-542	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-771	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-010	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-378	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-442	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-664	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-756	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-126	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-628	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-457	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-062	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-546	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-653	2025-10-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.2.x et 7.0.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester version 7.4 ant\u00e9rieures \u00e0  7.4.3",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator toutes versions 2.3.x",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
    },
    {
      "name": "CVE-2025-46752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
    },
    {
      "name": "CVE-2025-31365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
    },
    {
      "name": "CVE-2025-49201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
    },
    {
      "name": "CVE-2025-54822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
    },
    {
      "name": "CVE-2025-57741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
    },
    {
      "name": "CVE-2025-58903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
    },
    {
      "name": "CVE-2025-31514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
    },
    {
      "name": "CVE-2025-25253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
    },
    {
      "name": "CVE-2024-33507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
    },
    {
      "name": "CVE-2025-25255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
    },
    {
      "name": "CVE-2023-46718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
    },
    {
      "name": "CVE-2025-47890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
    },
    {
      "name": "CVE-2025-54988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
    },
    {
      "name": "CVE-2024-26008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
    },
    {
      "name": "CVE-2025-25252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
    },
    {
      "name": "CVE-2024-48891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
    },
    {
      "name": "CVE-2025-59921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
    },
    {
      "name": "CVE-2025-53951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
    },
    {
      "name": "CVE-2025-53950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
    },
    {
      "name": "CVE-2025-58324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
    },
    {
      "name": "CVE-2025-53845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
    },
    {
      "name": "CVE-2024-50571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
    },
    {
      "name": "CVE-2025-46774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
    },
    {
      "name": "CVE-2025-31366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
    },
    {
      "name": "CVE-2025-57716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
    },
    {
      "name": "CVE-2024-47569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
    },
    {
      "name": "CVE-2025-22258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
    },
    {
      "name": "CVE-2025-57740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
    },
    {
      "name": "CVE-2025-54973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
    },
    {
      "name": "CVE-2025-54658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
    }
  ],
  "initial_release_date": "2025-10-15T00:00:00",
  "last_revision_date": "2025-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0871",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
    }
  ]
}

CERTFR-2025-AVI-0679

Vulnerability from certfr_avis - Published: 2025-08-13 - Updated: 2025-08-13

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.3
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 7.0.5
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiSIEM	FortiSIEM versions 7.1.x antérieures à 7.1.8
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiManager	FortiManager versions antérieures à 7.0.14
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.4.7
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.7
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.4
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.11
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.5.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.4.8
Fortinet	FortiPAM	FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet	FortiCamera	FortiCamera versions 2.1.x toutes versions
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.11
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.4.3
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.9
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.2.10
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSIEM	FortiSIEM versions 7.3.x antérieures à 7.3.2
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.6
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.7.10
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	FortiSIEM	FortiSIEM versions 7.0.x antérieures à 7.0.4
Fortinet	FortiCamera	FortiCamera versions antérieures à 2.0.1
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.4.4
Fortinet	FortiVoice	FortiVoice versions antérieures à 6.4.10
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.2
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiSOAR	FortiSOAR versions 7.6.x antérieures à 7.6.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-501	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-421	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-173	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-152	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-042	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-150	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-383	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-364	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-253	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-309	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-513	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-448	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-473	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-209	2025-08-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions 2.1.x toutes versions",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions  ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
    },
    {
      "name": "CVE-2025-47857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
    },
    {
      "name": "CVE-2025-32766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
    },
    {
      "name": "CVE-2024-48892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
    },
    {
      "name": "CVE-2025-53744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
    },
    {
      "name": "CVE-2024-52964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
    },
    {
      "name": "CVE-2025-49813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
    },
    {
      "name": "CVE-2025-25256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
    },
    {
      "name": "CVE-2025-52970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
    },
    {
      "name": "CVE-2025-27759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
    },
    {
      "name": "CVE-2025-32932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
    },
    {
      "name": "CVE-2024-26009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
    },
    {
      "name": "CVE-2024-40588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
    },
    {
      "name": "CVE-2023-45584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
    }
  ],
  "initial_release_date": "2025-08-13T00:00:00",
  "last_revision_date": "2025-08-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0679",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
    }
  ]
}

CERTFR-2025-AVI-0399

Vulnerability from certfr_avis - Published: 2025-05-13 - Updated: 2025-05-13

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.3
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.10
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.7
Fortinet	FortiNDR	FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.3
Fortinet	FortiClientEMS	FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.0.x antérieures à 7.0.6
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.8
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.4
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.7
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.8
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiClient	FortiClientMac versions 7.x antérieures à 7.2.9
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.6
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.2
Fortinet	FortiCamera	FortiCamera versions antérieures à 2.1.4
Fortinet	FortiPortal	FortiPortal versions 7.4.x antérieures à 7.4.2
Fortinet	FortiClientEMS	FortiClientEMS versions 7.4.x antérieures à 7.4.3
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.15
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet	FortiVoice	FortiVoiceUCDesktop versions antérieures à 7.0
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.11
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.8
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.9
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.6

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-472	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-552	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-381	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-548	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-025	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-388	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-380	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-016	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-254	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-023	2025-05-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
    },
    {
      "name": "CVE-2025-47294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
    },
    {
      "name": "CVE-2025-24473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
    },
    {
      "name": "CVE-2024-54020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
    },
    {
      "name": "CVE-2025-46777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
    },
    {
      "name": "CVE-2024-35281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
    },
    {
      "name": "CVE-2025-32756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
    },
    {
      "name": "CVE-2025-22252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
    },
    {
      "name": "CVE-2025-47295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
    },
    {
      "name": "CVE-2025-22859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
    }
  ],
  "initial_release_date": "2025-05-13T00:00:00",
  "last_revision_date": "2025-05-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0399",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
    }
  ]
}

CERTFR-2025-AVI-0259

Vulnerability from certfr_avis - Published: 2025-04-01 - Updated: 2025-04-01

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiDDoS	FortiDDoS versions antérieures à 5.4.3
Fortinet	FortiDDoS-CM	FortiDDOS-CM versions antérieures à 5.4.1
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.2
Fortinet	FortiVoice	FortiVoice versions antérieures à 6.0.7
Fortinet	FortiMail	FortiMail versions 6.2.x antérieures à 6.2.5
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 6.0.4
Fortinet	FortiMail	FortiMail versions antérieures à 6.0.10

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-20-105

2025-03-28

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.4.3",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDOS-CM versions ant\u00e9rieures \u00e0 5.4.1",
      "product": {
        "name": "FortiDDoS-CM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.2.x ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.0.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2021-24008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24008"
    },
    {
      "name": "CVE-2020-15933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15933"
    }
  ],
  "initial_release_date": "2025-04-01T00:00:00",
  "last_revision_date": "2025-04-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0259",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-03-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-105",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-105"
    }
  ]
}

CERTFR-2025-AVI-0197

Vulnerability from certfr_avis - Published: 2025-03-12 - Updated: 2025-03-12

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiNDR	FortiNDR versions 7.1.x antérieures à 7.1.2
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.20
Fortinet	N/A	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.3.2
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.13
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.7
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.1
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.16
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.6
Fortinet	FortiNDR	FortiNDR versions 7.2.x antérieures à 7.2.2
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.1
Fortinet	FortiOS	FortiOS versions antérieures à 6.4.16
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiIsolator versions 2.4.x antérieures à 2.4.6
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.1
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.4.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-261	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-130	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-439	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-327	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-124	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-306	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-216	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-110	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-117	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-377	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-353	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-305	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-178	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-115	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-325	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-331	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-353	2025-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-54026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
    },
    {
      "name": "CVE-2024-45328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
    },
    {
      "name": "CVE-2024-46663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
    },
    {
      "name": "CVE-2024-54018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
    },
    {
      "name": "CVE-2024-54027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
    },
    {
      "name": "CVE-2023-42784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
    },
    {
      "name": "CVE-2023-48790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
    },
    {
      "name": "CVE-2024-32123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
    },
    {
      "name": "CVE-2024-55590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
    },
    {
      "name": "CVE-2024-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
    },
    {
      "name": "CVE-2023-40723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
    },
    {
      "name": "CVE-2023-37933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
    },
    {
      "name": "CVE-2024-55597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
    },
    {
      "name": "CVE-2024-55592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
    },
    {
      "name": "CVE-2024-33501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
    },
    {
      "name": "CVE-2024-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
    },
    {
      "name": "CVE-2024-45324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
    },
    {
      "name": "CVE-2024-55594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
    }
  ],
  "initial_release_date": "2025-03-12T00:00:00",
  "last_revision_date": "2025-03-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0197",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
    }
  ]
}

CERTFR-2025-AVI-0031

Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientMac versions antérieures à 7.2.5
Fortinet	FortiDDoS-F	FortiDDoS-F versions antérieures à 6.3.3
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 7.0.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.13
Fortinet	FortiSOAR	FortiSOAR versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiSOAR	Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.16
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.9
Fortinet	FortiWLC	FortiWLC versions 8.6.x antérieures à 8.6.6
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet	FortiClient	FortiClientEMS versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientEMS Cloud versions antérieures à 7.2.5
Fortinet	FortiClient	FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1
Fortinet	FortiPortal	FortiPortal versions 6.0.x antérieures à 6.0.15
Fortinet	FortiClient	FortiClientMac versions antérieures à 7.4.0
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiMail	FortiMail versions 6.4x antérieures à 6.4.8
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.13
Fortinet	FortiVoiceEnterprise	FortiVoiceEnterprise versions antérieures à 6.0.10
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.8
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet	FortiSwitch	FortiSwitch versions 7.4.x antérieures à 7.4.1
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.2
Fortinet	FortiAP-W2	FortiAP-W2 versions antérieures à 7.2.4
Fortinet	FortiClient	FortiClientEMS versions antérieures à 7.2.5
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiSwitch	FortiSwitch versions 7.2.x antérieures à 7.2.6
Fortinet	FortiDDoS	FortiDDoS versions antérieures à 5.5.1
Fortinet	FortiAP	FortiAP versions antérieures à 7.2.4
Fortinet	FortiSwitch	FortiSwitch versions antérieures à 6.2.8
Fortinet	FortiClient	FortiClientWindows versions antérieures à 7.4.1
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.2.2 Security Patch 9
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 6.0.1
Fortinet	FortiAP-S	FortiAP-S versions antérieures à 6.4.10
Fortinet	FortiVoiceEnterprise	FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet	FortiAuthenticator	FortiAuthenticator versions antérieures à 6.3.3
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.5
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.19
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.0.13
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet	FortiAP	FortiAP versions 7.4.x antérieures à 7.4.3
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.2.5
Fortinet	FortiSwitch	FortiSwitch versions 6.4.x antérieures à 6.4.14
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.2.2
Fortinet	FortiManager	FortiManager versions 6.2.x antérieures à 6.2.12
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.3
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.15
Fortinet	FortiSOAR	FortiSOAR versions 7.3.x antérieures à 7.3.3
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.4.0
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.1.6
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.0.5
Fortinet	FortiAP-W2	FortiAP-W2 versions 7.4.x antérieures à 7.4.3
Fortinet	FortiSandbox	FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet	FortiADC	FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.6
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.8
Fortinet	FortiTester	FortiTester versions antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.15
Fortinet	FortiAuthenticator	FortiAuthenticator versions 6.4.x antérieures à 6.4.1
Fortinet	FortiVoice	FortiVoice versions antérieures à 6.4.10
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.12
Fortinet	FortiSOAR	FortiSOAR versions 7.5.x antérieures à 7.5.1
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-258	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-458	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-061	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-405	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-285	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-165	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-494	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-220	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-221	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-078	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-282	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-373	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-106	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-250	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-189	2025-01-15	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-401	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-239	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-097	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-260	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-170	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-259	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-143	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-476	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-415	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-461	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-266	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-407	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-086	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-465	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-222	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-219	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-210	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-211	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-267	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-010	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-473	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-216	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-326	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-135	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-152	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-304	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-164	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-310	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-405	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-127	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-381	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-091	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-417	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-293	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-071	2025-01-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiDDoS-F",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "FortiWLC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiAP-S",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
    },
    {
      "name": "CVE-2023-37931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
    },
    {
      "name": "CVE-2024-32115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
    },
    {
      "name": "CVE-2023-42786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
    },
    {
      "name": "CVE-2024-35280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
    },
    {
      "name": "CVE-2024-35273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
    },
    {
      "name": "CVE-2024-48884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
    },
    {
      "name": "CVE-2024-46666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
    },
    {
      "name": "CVE-2022-23439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
    },
    {
      "name": "CVE-2024-47571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
    },
    {
      "name": "CVE-2024-35275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
    },
    {
      "name": "CVE-2024-47573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
    },
    {
      "name": "CVE-2024-52963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
    },
    {
      "name": "CVE-2023-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
    },
    {
      "name": "CVE-2024-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
    },
    {
      "name": "CVE-2024-55593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
    },
    {
      "name": "CVE-2024-48885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
    },
    {
      "name": "CVE-2024-46662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
    },
    {
      "name": "CVE-2024-27778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
    },
    {
      "name": "CVE-2024-48893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
    },
    {
      "name": "CVE-2024-47566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
    },
    {
      "name": "CVE-2024-52969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
    },
    {
      "name": "CVE-2024-35276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
    },
    {
      "name": "CVE-2024-40587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
    },
    {
      "name": "CVE-2024-36512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
    },
    {
      "name": "CVE-2023-46715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
    },
    {
      "name": "CVE-2024-36510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
    },
    {
      "name": "CVE-2024-56497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
    },
    {
      "name": "CVE-2024-46665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
    },
    {
      "name": "CVE-2024-48890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
    },
    {
      "name": "CVE-2024-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
    },
    {
      "name": "CVE-2024-52967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
    },
    {
      "name": "CVE-2023-37936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
    },
    {
      "name": "CVE-2024-46668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
    },
    {
      "name": "CVE-2024-35278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
    },
    {
      "name": "CVE-2024-26012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
    },
    {
      "name": "CVE-2024-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
    },
    {
      "name": "CVE-2024-23106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
    },
    {
      "name": "CVE-2024-54021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
    },
    {
      "name": "CVE-2024-46669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
    },
    {
      "name": "CVE-2023-5217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
    },
    {
      "name": "CVE-2023-42785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
    },
    {
      "name": "CVE-2024-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
    },
    {
      "name": "CVE-2024-35277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2024-48886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
    },
    {
      "name": "CVE-2024-50564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
    },
    {
      "name": "CVE-2024-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
    },
    {
      "name": "CVE-2024-45331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
    },
    {
      "name": "CVE-2024-50563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
    },
    {
      "name": "CVE-2024-36506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
    },
    {
      "name": "CVE-2024-46667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
    },
    {
      "name": "CVE-2024-46670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
    },
    {
      "name": "CVE-2024-47572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
    }
  ],
  "initial_release_date": "2025-01-15T00:00:00",
  "last_revision_date": "2025-01-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0031",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
    },
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
    }
  ]
}

CERTFR-2023-AVI-1018

Vulnerability from certfr_avis - Published: 2023-12-13 - Updated: 2023-12-13

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS), une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.6
Fortinet	FortiMail	FortiMail 6.0.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiTester 2.6.x toutes versions
Fortinet	N/A	FortiNDR 1.1.x toutes versions
Fortinet	FortiSandbox	FortiSandbox versions 3.0.x antérieures à 3.0.4
Fortinet	N/A	FortiTester 3.5.x toutes versions
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.11
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.5
Fortinet	FortiOS	FortiOS 6.4.x toutes versions
Fortinet	FortiWeb	FortiWeb 7.0.x toutes versions
Fortinet	FortiSwitch	FortiSwitch 6.2.x toutes versions
Fortinet	FortiADC	FortiADC 6.2.x toutes versions
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.1
Fortinet	FortiRecorder	FortiRecorder 2.6.x toutes versions
Fortinet	N/A	FortiTester 3.2.x toutes versions
Fortinet	FortiSwitch	FortiSwitch versions 6.4.x antérieures à 6.4.11
Fortinet	FortiADC	FortiADC 6.0.x toutes versions
Fortinet	N/A	FortiTester 7.1.x toutes versions
Fortinet	FortiOS	FortiOS 6.0.x toutes versions
Fortinet	FortiRecorder	FortiRecorder 2.7.x toutes versions
Fortinet	FortiSandbox	FortiSandbox 3.1.x toutes versions
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.1
Fortinet	FortiADC	FortiADC 7.0.x toutes versions
Fortinet	N/A	FortiTester 2.5.x toutes versions
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.3
Fortinet	FortiSandbox	FortiSandbox 4.0.x toutes versions
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiTester 3.9.x toutes versions
Fortinet	N/A	FortiTester 4.1.x toutes versions
Fortinet	N/A	FortiNDR versions 7.0.x antérieures à 7.0.5
Fortinet	FortiSandbox	FortiSandbox 3.2.x toutes versions
Fortinet	N/A	FortiNDR 1.2.x toutes versions
Fortinet	FortiOS	FortiOS 7.0.x toutes versions
Fortinet	N/A	FortiTester 3.7.x toutes versions
Fortinet	FortiADC	FortiADC 7.1.x toutes versions
Fortinet	FortiMail	FortiMail 6.2.x toutes versions
Fortinet	N/A	FortiTester 3.4.x toutes versions
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.16
Fortinet	FortiWeb	FortiWeb 6.3.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet	N/A	FortiTester 2.7.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.6
Fortinet	N/A	FortiTester 2.3.x toutes versions
Fortinet	N/A	FortiVoice versions 6.4.x antérieures à 6.4.8
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.1
Fortinet	N/A	FortiTester 2.8.x toutes versions
Fortinet	N/A	FortiNDR 1.3.x toutes versions
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.7
Fortinet	N/A	FortiNDR versions 7.1.x antérieures à 7.1.1
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.1.1
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.10
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.7
Fortinet	N/A	FortiTester 7.2.x toutes versions
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.3
Fortinet	FortiSwitch	FortiSwitch 6.0.x toutes versions
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.5
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.13
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet	N/A	FortiTester 2.9.x toutes versions
Fortinet	N/A	FortiVoice versions 6.0.x antérieures à 6.0.12
Fortinet	FortiADC	FortiADC 6.1.x toutes versions
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.13
Fortinet	FortiPAM	FortiPAM 1.0.x toutes versions
Fortinet	N/A	FortiTester 2.4.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.12
Fortinet	N/A	FortiTester 4.0.x toutes versions
Fortinet	N/A	FortiTester 4.2.x toutes versions
Fortinet	N/A	FortiTester 3.1.x toutes versions
Fortinet	N/A	FortiNDR 1.5.x toutes versions
Fortinet	FortiWeb	FortiWeb 6.2.x toutes versions
Fortinet	N/A	FortiNDR 1.4.x toutes versions
Fortinet	FortiRecorder	FortiRecorder versions 6.0.x antérieures à 6.0.12
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.1.2
Fortinet	N/A	FortiTester 3.8.x toutes versions
Fortinet	N/A	FortiTester 3.6.x toutes versions
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.3
Fortinet	N/A	FortiTester 3.3.x toutes versions
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiTester 3.0.x toutes versions
Fortinet	N/A	FortiWLM versions 8.6.x antérieures à 8.6.6
Fortinet	FortiSandbox	FortiSandbox 4.2.x toutes versions
Fortinet	N/A	FortiTester 7.0.x toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-138 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-270 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-214 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-196 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-360 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-439 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-425 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-038 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-256 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-345 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-432 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-450 du 12 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail 6.0.x toutes versions",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.6.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.4.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 7.0.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch 6.2.x toutes versions",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.2.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder 2.6.x toutes versions",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.0.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder 2.7.x toutes versions",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.1.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.0.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.0.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.9.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.2.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.0.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.7.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.1.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail 6.2.x toutes versions",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.3.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.7.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.8.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch 6.0.x toutes versions",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.9.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.1.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.0.x toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.2.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.8.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.6.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.2.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-47536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47536"
    },
    {
      "name": "CVE-2023-47539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47539"
    },
    {
      "name": "CVE-2023-40716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40716"
    },
    {
      "name": "CVE-2023-41678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41678"
    },
    {
      "name": "CVE-2023-46713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46713"
    },
    {
      "name": "CVE-2023-48782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48782"
    },
    {
      "name": "CVE-2023-41844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41844"
    },
    {
      "name": "CVE-2023-41673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41673"
    },
    {
      "name": "CVE-2022-27488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27488"
    },
    {
      "name": "CVE-2023-48791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48791"
    },
    {
      "name": "CVE-2023-36639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
    },
    {
      "name": "CVE-2023-45587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45587"
    }
  ],
  "initial_release_date": "2023-12-13T00:00:00",
  "last_revision_date": "2023-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1018",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune injection de code indirecte \u00e0 distance (XSS), une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-138 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-138"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-270 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-270"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-214 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-196 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-196"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-360 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-360"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-439 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-439"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-425 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-425"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-038 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-038"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-256 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-256"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-345 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-345"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-432 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-432"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-450 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-450"
    }
  ]
}

CERTFR-2023-AVI-0973

Vulnerability from certfr_avis - Published: 2023-11-22 - Updated: 2023-11-22

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiGate	Fortigate FGT_VM64 versions 7.4.x antérieures à 7.4.2
Fortinet	N/A	FortiClientWindows versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.10
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.13
Fortinet	FortiProxy	FortiProxy versions 2.0.x
Fortinet	FortiSIEM	FortiSIEM versions 6.7.x antériéures à 6.7.6
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.1
Fortinet	N/A	FortiClientWindows versions 6.x antérieures à 6.4.9
Fortinet	FortiSIEM	FortiSIEM versions 6.5.x antérieures à 6.5.2
Fortinet	FortiMail	FortiMail versions antérieures à 7.0.7
Fortinet	N/A	FortiWLM version 8.x antérieures à 8.5.5
Fortinet	FortiDDoS	FortiDDOS-F versions 6.5.x antérieures à 6.5.1
Fortinet	N/A	FortiEDRCollectorWindows versions 5.0.x antérieures à 5.0.3.1016
Fortinet	FortiGate	Fortigate FGT_VM64 versions 7.x antérieures 7.2.7
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.4.3
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.4
Fortinet	FortiSIEM	FortiSIEM versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.6
Fortinet	N/A	FortiEDRCollectorWindows versions 5.2.x antérieures à 5.2.0.4581
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.1
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.3
Fortinet	FortiDDoS	FortiDDOS-F versions antérieures à 6.4.2
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet	FortiWAN	FortiWAN toutes versions (ce produit n'est plus maintenu par l'éditeur)
Fortinet	FortiProxy	FortiProxy versions 7.2.x
Fortinet	FortiSIEM	FortiSIEM versions 6.6.x antériéures à 6.6.4
Fortinet	N/A	FortiWLM version 8.6.x antérieures à 8.6.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-299 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-306 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-274 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-385 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-518 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-292 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-108 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-290 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-287 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-064 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-135 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-177 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-061 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-151 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-396 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-143 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-142 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-203 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-265 du 14 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Fortigate FGT_VM64 versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.7.x ant\u00e9ri\u00e9ures \u00e0 6.7.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.2",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM version 8.x ant\u00e9rieures \u00e0 8.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDOS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDRCollectorWindows versions 5.0.x ant\u00e9rieures \u00e0 5.0.3.1016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Fortigate FGT_VM64 versions 7.x ant\u00e9rieures 7.2.7",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDRCollectorWindows versions 5.2.x ant\u00e9rieures \u00e0 5.2.0.4581",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDOS-F versions ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWAN toutes versions (ce produit n\u0027est plus maintenu par l\u0027\u00e9diteur)",
      "product": {
        "name": "FortiWAN",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.6.x ant\u00e9ri\u00e9ures \u00e0 6.6.4",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM version 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-36633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36633"
    },
    {
      "name": "CVE-2023-41676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41676"
    },
    {
      "name": "CVE-2023-25603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25603"
    },
    {
      "name": "CVE-2023-36641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2023-33304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33304"
    },
    {
      "name": "CVE-2023-26205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26205"
    },
    {
      "name": "CVE-2023-28002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
    },
    {
      "name": "CVE-2023-40719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40719"
    },
    {
      "name": "CVE-2023-29177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29177"
    },
    {
      "name": "CVE-2023-44248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44248"
    },
    {
      "name": "CVE-2023-41840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41840"
    },
    {
      "name": "CVE-2023-42783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42783"
    },
    {
      "name": "CVE-2022-40681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40681"
    },
    {
      "name": "CVE-2023-44252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44252"
    },
    {
      "name": "CVE-2023-36553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36553"
    },
    {
      "name": "CVE-2023-44251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44251"
    },
    {
      "name": "CVE-2023-45582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45582"
    },
    {
      "name": "CVE-2023-34991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34991"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    }
  ],
  "initial_release_date": "2023-11-22T00:00:00",
  "last_revision_date": "2023-11-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0973",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-299 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-299"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-306 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-306"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-274 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-274"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-385 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-385"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-518 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-518"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-292 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-292"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-108 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-108"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-290 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-290"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-287 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-287"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-064 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-064"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-135 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-135"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-177 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-177"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-061 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-061"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-151 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-151"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-396 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-396"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-143 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-143"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-142 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-142"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-203 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-203"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-265 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-265"
    }
  ]
}

CERTFR-2023-AVI-0199

Vulnerability from certfr_avis - Published: 2023-03-08 - Updated: 2023-03-09

De multiples vulnérabilités ont été découvertes dans Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité, un déni de service à distance, une élévation de privilèges, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 6.0.x antérieures à 6.0.5
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.3
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.5
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 7.0.0
Fortinet	FortiPortal	FortiPortal versions 6.0.x antérieures à 6.0.10
Fortinet	FortiWeb	FortiWeb versions 6.4.x antérieures à 6.4.2
Fortinet	FortiMail	FortiMail versions 6.0.x antérieures à 6.0.10
Fortinet	FortiSwitch	FortiSwitch versions 6.4.x antérieures à 6.4.11
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.0.x antérieures à 6.0.5
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.7
Fortinet	FortiOS	FortiOS versions antérieures à 7.4.0
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.13
Fortinet	FortiWeb	FortiWeb versions 6.3.x antérieures à 6.3.21
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.2.x antérieures à 6.2.0
Fortinet	FortiMail	FortiMail versions 6.2.x antérieures à 6.2.5
Fortinet	N/A	FortiAuthenticator versions antérieures à 6.5.0
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.4
Fortinet	FortiOS	FortiOS-6K7K versions 6.2.x antérieures à 6.2.13
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.11
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.9
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.6
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.2.0
Fortinet	FortiOS	FortiOS-6K7K versions 6.4.x antérieures à 6.4.12
Fortinet	FortiOS	FortiOS-6K7K versions 7.0.x antérieures à 7.0.10
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.4
Fortinet	FortiRecorder	FortiRecorder versions 6.0.x antérieures à 6.0.12
Fortinet	FortiNAC	FortiNAC versions antérieures à 7.2.0
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 3.2.0
Fortinet	FortiManager	FortiManager versions antérieures à 6.2.0
Fortinet	FortiSOAR	FortiSOAR versions 7.3.x antérieures à 7.3.2
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.12
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.12
Fortinet	FortiNAC	FortiNAC versions 9.1.x antérieures à 9.1.9
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.10

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-20-078 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-447 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-488 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-369 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-477 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-254 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-388 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-401 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-050 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-281 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-001 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-218 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-18-232 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-309 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-364 du 07 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.21",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.2",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.2.x ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.2.0",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-29056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29056"
    },
    {
      "name": "CVE-2022-41329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
    },
    {
      "name": "CVE-2022-41328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
    },
    {
      "name": "CVE-2022-27490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27490"
    },
    {
      "name": "CVE-2022-41333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41333"
    },
    {
      "name": "CVE-2023-25611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25611"
    },
    {
      "name": "CVE-2022-39953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39953"
    },
    {
      "name": "CVE-2023-23776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23776"
    },
    {
      "name": "CVE-2022-42476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
    },
    {
      "name": "CVE-2022-22297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22297"
    },
    {
      "name": "CVE-2022-39951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39951"
    },
    {
      "name": "CVE-2022-45861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
    },
    {
      "name": "CVE-2022-40676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40676"
    },
    {
      "name": "CVE-2023-25605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25605"
    },
    {
      "name": "CVE-2023-25610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
    }
  ],
  "initial_release_date": "2023-03-08T00:00:00",
  "last_revision_date": "2023-03-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0199",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-08T00:00:00.000000"
    },
    {
      "description": "Correction mineure dans la partie r\u00e9sum\u00e9",
      "revision_date": "2023-03-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eFortinet\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de\ncode indirecte \u00e0 distance (XSS), un contournement de la politique de\ns\u00e9curit\u00e9, un d\u00e9ni de service \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-078 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-078"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-447 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-447"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-488 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-488"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-369 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-369"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-477 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-477"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-254 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-254"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-388 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-388"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-401 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-401"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-050 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-050"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-281 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-281"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-001 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-001"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-218 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-218"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-232 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-18-232"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-309 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-309"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-364 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-364"
    }
  ]
}

CERTFR-2022-AVI-973

Vulnerability from certfr_avis - Published: 2022-11-02 - Updated: 2022-11-02

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiDeceptor	FortiDeceptor versions 4.0.x antérieures à 4.0.3
Fortinet	N/A	FortiClientMac versions 7.0.x antérieures à 7.0.6
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.10
Fortinet	FortiDeceptor	FortiDeceptor versions 4.1.x antérieures à 4.1.2
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.5
Fortinet	N/A	FortiTester versions 7.1.x antérieures à 7.1.1
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.5
Fortinet	N/A	FortiTester versions 7.2.x antérieures à 7.2.0
Fortinet	FortiSOAR	FortiSOAR versions 7.2.x antérieures à 7.2.3
Fortinet	N/A	FortiEDR CollectorWindows versions 5.0.x.x antérieures à 5.0.3.912
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.9
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.2
Fortinet	FortiADC	FortiADC versions 7.0.x antérieures à 7.0.3
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.7
Fortinet	N/A	FortiTester versions 4.2.x antérieures à 4.2.1
Fortinet	N/A	AV engine versions 6.4.x antérieures à 6.4.275
Fortinet	FortiADC	FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet	FortiDeceptor	FortiDeceptor versions 4.2.x antérieures à 4.2.1
Fortinet	FortiSIEM	FortiSIEM versions 6.5.x antérieures à 6.5.0
Fortinet	N/A	AV engine versions 6.2.x antérieures à 6.2.169
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.9
Fortinet	N/A	FortiTester versions 3.9.x antérieures à 3.9.2
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.1
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiEDR CollectorWindows versions 5.2.x.x antérieures à 5.2.0.2288
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.8

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-331 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-223 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-234 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-228 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-314 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-228 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-232 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-218 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-066 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-216 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-174 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-074 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-070 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-064 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-246 du 01 novembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.1.x ant\u00e9rieures \u00e0 4.1.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR CollectorWindows versions 5.0.x.x ant\u00e9rieures \u00e0 5.0.3.912",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "AV engine versions 6.4.x ant\u00e9rieures \u00e0 6.4.275",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "AV engine versions 6.2.x ant\u00e9rieures \u00e0 6.2.169",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 3.9.x ant\u00e9rieures \u00e0 3.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR CollectorWindows versions 5.2.x.x ant\u00e9rieures \u00e0 5.2.0.2288",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-26122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26122"
    },
    {
      "name": "CVE-2022-35842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35842"
    },
    {
      "name": "CVE-2022-38374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38374"
    },
    {
      "name": "CVE-2022-38380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38380"
    },
    {
      "name": "CVE-2022-26119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26119"
    },
    {
      "name": "CVE-2022-35851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35851"
    },
    {
      "name": "CVE-2022-39945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39945"
    },
    {
      "name": "CVE-2022-38373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38373"
    },
    {
      "name": "CVE-2022-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33870"
    },
    {
      "name": "CVE-2022-33878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33878"
    },
    {
      "name": "CVE-2022-30307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30307"
    },
    {
      "name": "CVE-2022-38381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38381"
    },
    {
      "name": "CVE-2022-39950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39950"
    },
    {
      "name": "CVE-2022-39949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39949"
    },
    {
      "name": "CVE-2022-42473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42473"
    }
  ],
  "initial_release_date": "2022-11-02T00:00:00",
  "last_revision_date": "2022-11-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-973",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-331 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-331"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-223 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-223"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-234 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-234"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-228 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-228"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-314 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-314"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-228 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-228"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-232 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-232"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-218 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-218"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-066 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-066"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-216 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-216"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-174 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-174"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-074 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-074"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-070 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-070"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-064 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-064"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-246 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-246"
    }
  ]
}

CERTFR-2022-AVI-800

Vulnerability from certfr_avis - Published: 2022-09-07 - Updated: 2022-09-07

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.0.4
Fortinet	N/A	FortiAP-W2 versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.1
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-W2 versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-S versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-W2 versions 7.2.x antérieures à 7.2.1
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.0.2
Fortinet	N/A	FortiAP versions 7.2.x antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiAP versions 6.x antérieures à 6.4.8
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiAP-U versions antérieures à 6.2.4
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.6
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.2.1
Fortinet	FortiADC	FortiADC versions antérieures à 6.2.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.x antérieures à 6.4.9
Fortinet	N/A	FortiAP versions 7.0.x antérieures à 7.0.4

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-163 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-215 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-140 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-143 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-073 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-152 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-045 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-156 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-306 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-222 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-158 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-154 du 06 septembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-U versions ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-43080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43080"
    },
    {
      "name": "CVE-2022-29062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29062"
    },
    {
      "name": "CVE-2022-38377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38377"
    },
    {
      "name": "CVE-2022-29058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29058"
    },
    {
      "name": "CVE-2022-30298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30298"
    },
    {
      "name": "CVE-2022-29053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29053"
    },
    {
      "name": "CVE-2021-43076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43076"
    },
    {
      "name": "CVE-2022-29061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29061"
    },
    {
      "name": "CVE-2022-27491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27491"
    },
    {
      "name": "CVE-2022-26114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26114"
    },
    {
      "name": "CVE-2022-35847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35847"
    }
  ],
  "initial_release_date": "2022-09-07T00:00:00",
  "last_revision_date": "2022-09-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-800",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-163 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-163"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-215 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-215"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-140 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-140"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-143 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-143"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-073 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-073"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-152 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-152"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-045 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-045"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-156 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-156"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-306 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-306"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-222 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-222"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-158 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-158"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-154 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-154"
    }
  ]
}

CERTFR-2022-AVI-701

Vulnerability from certfr_avis - Published: 2022-08-03 - Updated: 2022-08-03

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.3
Fortinet	FortiADC	FortiADC versions 7.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.2
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.8
Fortinet	FortiGate	FortiGate versions 6.4.x antérieures à 6.4.9
Fortinet	FortiGate	FortiGate versions 7.0.x antérieures à 7.0.6
Fortinet	FortiADC	FortiADC versions antérieures à 6.2.4
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.11
Fortinet	FortiOS	FortiOS versions 6.0.x antérieures à 6.0.15
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.9
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.6
Fortinet	FortiGate	FortiGate versions 7.2.x antérieures à 7.2.0
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.0

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-036 du 02 août 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-055 du 02 août 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-235 du 02 août 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.8",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22299"
    },
    {
      "name": "CVE-2022-27484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27484"
    },
    {
      "name": "CVE-2022-23442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23442"
    }
  ],
  "initial_release_date": "2022-08-03T00:00:00",
  "last_revision_date": "2022-08-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-701",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-036 du 02 ao\u00fbt 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-036"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-055 du 02 ao\u00fbt 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-055"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-235 du 02 ao\u00fbt 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-235"
    }
  ]
}

CVE-2025-54972 (GCVE-0-2025-54972)

Vulnerability from cvelistv5 – Published: 2025-11-18 17:01 – Updated: 2026-01-14 09:15

Summary

An improper neutralization of crlf sequences ('crlf injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link

Severity ?

3.9 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE

CWE-93 - Information disclosure

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-634

Impacted products

	Vendor	Product	Version
	Fortinet	FortiMail	Affected: 7.6.0 , ≤ 7.6.3 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.2.0 , ≤ 7.2.9 (semver) Affected: 7.0.0 , ≤ 7.0.9 (semver) cpe:2.3:a:fortinet:fortimail:7.6.3:::::::* cpe:2.3:a:fortinet:fortimail:7.6.2:::::::* cpe:2.3:a:fortinet:fortimail:7.6.1:::::::* cpe:2.3:a:fortinet:fortimail:7.6.0:::::::* cpe:2.3:a:fortinet:fortimail:7.4.5:::::::* cpe:2.3:a:fortinet:fortimail:7.4.4:::::::* cpe:2.3:a:fortinet:fortimail:7.4.3:::::::* cpe:2.3:a:fortinet:fortimail:7.4.2:::::::* cpe:2.3:a:fortinet:fortimail:7.4.1:::::::* cpe:2.3:a:fortinet:fortimail:7.4.0:::::::* cpe:2.3:a:fortinet:fortimail:7.2.9:::::::* cpe:2.3:a:fortinet:fortimail:7.2.8:::::::* cpe:2.3:a:fortinet:fortimail:7.2.7:::::::* cpe:2.3:a:fortinet:fortimail:7.2.6:::::::* cpe:2.3:a:fortinet:fortimail:7.2.5:::::::* cpe:2.3:a:fortinet:fortimail:7.2.4:::::::* cpe:2.3:a:fortinet:fortimail:7.2.3:::::::* cpe:2.3:a:fortinet:fortimail:7.2.2:::::::* cpe:2.3:a:fortinet:fortimail:7.2.1:::::::* cpe:2.3:a:fortinet:fortimail:7.2.0:::::::* cpe:2.3:a:fortinet:fortimail:7.0.9:::::::* cpe:2.3:a:fortinet:fortimail:7.0.8:::::::* cpe:2.3:a:fortinet:fortimail:7.0.7:::::::* cpe:2.3:a:fortinet:fortimail:7.0.6:::::::* cpe:2.3:a:fortinet:fortimail:7.0.5:::::::* cpe:2.3:a:fortinet:fortimail:7.0.4:::::::* cpe:2.3:a:fortinet:fortimail:7.0.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.2:::::::* cpe:2.3:a:fortinet:fortimail:7.0.1:::::::* cpe:2.3:a:fortinet:fortimail:7.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54972",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T14:27:05.795266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T14:27:11.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.3",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of crlf sequences (\u0027crlf injection\u0027) vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:15:54.810Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-634",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-634"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to upcoming  FortiMail version 8.0.0 or above\nUpgrade to FortiMail version 7.6.4 or above\nUpgrade to FortiMail version 7.4.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-54972",
    "datePublished": "2025-11-18T17:01:15.406Z",
    "dateReserved": "2025-08-04T08:14:35.422Z",
    "dateUpdated": "2026-01-14T09:15:54.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47569 (GCVE-0-2024-47569)

Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2026-02-10 07:22

Summary

A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.

Severity ?

4.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C

CWE

CWE-201 - Information disclosure

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-228

Impacted products

Vendor

Product

Version

Fortinet

FortiManager Cloud

Affected: 7.4.1 , ≤ 7.4.3 (semver)
    cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*

Fortinet	FortiTester	Affected: 7.4.0 , ≤ 7.4.2 (semver) Affected: 7.3.0 , ≤ 7.3.2 (semver) Affected: 7.2.0 , ≤ 7.2.3 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 Affected: 4.2.0 , ≤ 4.2.1 (semver) cpe:2.3:a:fortinet:fortitester:7.4.2:::::::* cpe:2.3:a:fortinet:fortitester:7.4.1:::::::* cpe:2.3:a:fortinet:fortitester:7.4.0:::::::* cpe:2.3:a:fortinet:fortitester:7.3.2:::::::* cpe:2.3:a:fortinet:fortitester:7.3.1:::::::* cpe:2.3:a:fortinet:fortitester:7.3.0:::::::* cpe:2.3:a:fortinet:fortitester:7.2.3:::::::* cpe:2.3:a:fortinet:fortitester:7.2.2:::::::* cpe:2.3:a:fortinet:fortitester:7.2.1:::::::* cpe:2.3:a:fortinet:fortitester:7.2.0:::::::* cpe:2.3:a:fortinet:fortitester:7.1.1:::::::* cpe:2.3:a:fortinet:fortitester:7.1.0:::::::* cpe:2.3:a:fortinet:fortitester:7.0.0:::::::* cpe:2.3:a:fortinet:fortitester:4.2.1:::::::* cpe:2.3:a:fortinet:fortitester:4.2.0:::::::*
Fortinet	FortiNDR	Affected: 7.6.0 , ≤ 7.6.1 (semver) Affected: 7.4.0 , ≤ 7.4.8 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) cpe:2.3:a:fortinet:fortindr:7.6.1:::::::* cpe:2.3:a:fortinet:fortindr:7.6.0:::::::* cpe:2.3:a:fortinet:fortindr:7.4.8:::::::* cpe:2.3:a:fortinet:fortindr:7.4.7:::::::* cpe:2.3:a:fortinet:fortindr:7.4.6:::::::* cpe:2.3:a:fortinet:fortindr:7.4.5:::::::* cpe:2.3:a:fortinet:fortindr:7.4.4:::::::* cpe:2.3:a:fortinet:fortindr:7.4.3:::::::* cpe:2.3:a:fortinet:fortindr:7.4.2:::::::* cpe:2.3:a:fortinet:fortindr:7.4.1:::::::* cpe:2.3:a:fortinet:fortindr:7.4.0:::::::* cpe:2.3:a:fortinet:fortindr:7.2.5:::::::* cpe:2.3:a:fortinet:fortindr:7.2.4:::::::* cpe:2.3:a:fortinet:fortindr:7.2.3:::::::* cpe:2.3:a:fortinet:fortindr:7.2.2:::::::* cpe:2.3:a:fortinet:fortindr:7.2.1:::::::* cpe:2.3:a:fortinet:fortindr:7.2.0:::::::* cpe:2.3:a:fortinet:fortindr:7.1.1:::::::* cpe:2.3:a:fortinet:fortindr:7.1.0:::::::* cpe:2.3:a:fortinet:fortindr:7.0.7:::::::* cpe:2.3:a:fortinet:fortindr:7.0.6:::::::* cpe:2.3:a:fortinet:fortindr:7.0.5:::::::* cpe:2.3:a:fortinet:fortindr:7.0.4:::::::* cpe:2.3:a:fortinet:fortindr:7.0.3:::::::* cpe:2.3:a:fortinet:fortindr:7.0.2:::::::* cpe:2.3:a:fortinet:fortindr:7.0.1:::::::* cpe:2.3:a:fortinet:fortindr:7.0.0:::::::* cpe:2.3:a:fortinet:fortindr:1.5.3:::::::* cpe:2.3:a:fortinet:fortindr:1.5.2:::::::* cpe:2.3:a:fortinet:fortindr:1.5.1:::::::* cpe:2.3:a:fortinet:fortindr:1.5.0:::::::*
Fortinet	FortiManager	Affected: 7.4.1 , ≤ 7.4.3 (semver) cpe:2.3:o:fortinet:fortimanager:7.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.1:::::::*
Fortinet	FortiPAM	Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 , ≤ 1.1.2 (semver) Affected: 1.0.0 , ≤ 1.0.3 (semver) cpe:2.3:o:fortinet:fortipam:1.3.1:::::::* cpe:2.3:o:fortinet:fortipam:1.3.0:::::::* cpe:2.3:o:fortinet:fortipam:1.2.0:::::::* cpe:2.3:o:fortinet:fortipam:1.1.2:::::::* cpe:2.3:o:fortinet:fortipam:1.1.1:::::::* cpe:2.3:o:fortinet:fortipam:1.1.0:::::::* cpe:2.3:o:fortinet:fortipam:1.0.3:::::::* cpe:2.3:o:fortinet:fortipam:1.0.2:::::::* cpe:2.3:o:fortinet:fortipam:1.0.1:::::::* cpe:2.3:o:fortinet:fortipam:1.0.0:::::::*
Fortinet	FortiOS	Affected: 7.6.0 Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.0.0 , ≤ 7.0.15 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) cpe:2.3:o:fortinet:fortios:7.6.0:::::::* cpe:2.3:o:fortinet:fortios:7.4.4:::::::* cpe:2.3:o:fortinet:fortios:7.4.3:::::::* cpe:2.3:o:fortinet:fortios:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.4.1:::::::* cpe:2.3:o:fortinet:fortios:7.4.0:::::::* cpe:2.3:o:fortinet:fortios:7.2.8:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.2.6:::::::* cpe:2.3:o:fortinet:fortios:7.2.5:::::::* cpe:2.3:o:fortinet:fortios:7.2.4:::::::* cpe:2.3:o:fortinet:fortios:7.2.3:::::::* cpe:2.3:o:fortinet:fortios:7.2.2:::::::* cpe:2.3:o:fortinet:fortios:7.2.1:::::::* cpe:2.3:o:fortinet:fortios:7.2.0:::::::* cpe:2.3:o:fortinet:fortios:7.0.15:::::::* cpe:2.3:o:fortinet:fortios:7.0.14:::::::* cpe:2.3:o:fortinet:fortios:7.0.13:::::::* cpe:2.3:o:fortinet:fortios:7.0.12:::::::* cpe:2.3:o:fortinet:fortios:7.0.11:::::::* cpe:2.3:o:fortinet:fortios:7.0.10:::::::* cpe:2.3:o:fortinet:fortios:7.0.9:::::::* cpe:2.3:o:fortinet:fortios:7.0.8:::::::* cpe:2.3:o:fortinet:fortios:7.0.7:::::::* cpe:2.3:o:fortinet:fortios:7.0.6:::::::* cpe:2.3:o:fortinet:fortios:7.0.5:::::::* cpe:2.3:o:fortinet:fortios:7.0.4:::::::* cpe:2.3:o:fortinet:fortios:7.0.3:::::::* cpe:2.3:o:fortinet:fortios:7.0.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.1:::::::* cpe:2.3:o:fortinet:fortios:7.0.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.0:::::::*
Fortinet	FortiRecorder	Affected: 7.2.0 , ≤ 7.2.1 (semver) Affected: 7.0.0 , ≤ 7.0.4 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.0:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.4:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.3:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.0:::::::*
Fortinet	FortiProxy	Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.10 (semver) Affected: 7.0.0 , ≤ 7.0.23 (semver) cpe:2.3:a:fortinet:fortiproxy:7.4.4:::::::* cpe:2.3:a:fortinet:fortiproxy:7.4.3:::::::* cpe:2.3:a:fortinet:fortiproxy:7.4.2:::::::* cpe:2.3:a:fortinet:fortiproxy:7.4.1:::::::* cpe:2.3:a:fortinet:fortiproxy:7.4.0:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.10:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.9:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.8:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.7:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.6:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.5:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.4:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.3:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.2:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.1:::::::* cpe:2.3:a:fortinet:fortiproxy:7.2.0:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.23:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.22:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.21:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.20:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.19:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.18:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.17:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.16:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.15:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.14:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.13:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.12:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.11:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.10:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.9:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.8:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.7:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.6:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.5:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.4:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.3:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.2:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.1:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.0:::::::*
Fortinet	FortiMail	Affected: 7.4.0 , ≤ 7.4.2 (semver) Affected: 7.2.0 , ≤ 7.2.6 (semver) Affected: 7.0.0 , ≤ 7.0.9 (semver) cpe:2.3:a:fortinet:fortimail:7.4.2:::::::* cpe:2.3:a:fortinet:fortimail:7.4.1:::::::* cpe:2.3:a:fortinet:fortimail:7.4.0:::::::* cpe:2.3:a:fortinet:fortimail:7.2.6:::::::* cpe:2.3:a:fortinet:fortimail:7.2.5:::::::* cpe:2.3:a:fortinet:fortimail:7.2.4:::::::* cpe:2.3:a:fortinet:fortimail:7.2.3:::::::* cpe:2.3:a:fortinet:fortimail:7.2.2:::::::* cpe:2.3:a:fortinet:fortimail:7.2.1:::::::* cpe:2.3:a:fortinet:fortimail:7.2.0:::::::* cpe:2.3:a:fortinet:fortimail:7.0.9:::::::* cpe:2.3:a:fortinet:fortimail:7.0.8:::::::* cpe:2.3:a:fortinet:fortimail:7.0.7:::::::* cpe:2.3:a:fortinet:fortimail:7.0.6:::::::* cpe:2.3:a:fortinet:fortimail:7.0.5:::::::* cpe:2.3:a:fortinet:fortimail:7.0.4:::::::* cpe:2.3:a:fortinet:fortimail:7.0.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.2:::::::* cpe:2.3:a:fortinet:fortimail:7.0.1:::::::* cpe:2.3:a:fortinet:fortimail:7.0.0:::::::*
Fortinet	FortiWeb	Affected: 7.6.0 Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.12 (semver) Affected: 7.0.0 , ≤ 7.0.12 (semver) Affected: 6.4.0 , ≤ 6.4.3 (semver) cpe:2.3:a:fortinet:fortiweb:7.6.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.12:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.11:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.10:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.9:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.8:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.7:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.6:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.12:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.11:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.10:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.9:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.8:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.7:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.6:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.0:::::::* cpe:2.3:a:fortinet:fortiweb:6.4.3:::::::* cpe:2.3:a:fortinet:fortiweb:6.4.2:::::::* cpe:2.3:a:fortinet:fortiweb:6.4.1:::::::* cpe:2.3:a:fortinet:fortiweb:6.4.0:::::::*
Fortinet	FortiVoice	Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 6.4.0 , ≤ 6.4.9 (semver) Affected: 6.0.7 , ≤ 6.0.12 (semver) cpe:2.3:a:fortinet:fortivoice:7.0.4:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.3:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.2:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.1:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.0:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.9:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.8:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.7:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.6:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.5:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.4:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.3:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.2:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.1:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.0:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.12:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.11:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.10:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.9:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.8:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.7:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47569",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T15:31:45.922521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-16T15:31:53.740Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager Cloud",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortitester:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiTester",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.2",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "4.2.1",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.1",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.8",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.8",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.10",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.23",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.6",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiWeb",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.12",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.3",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.9",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-201",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T07:22:21.025Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiManager Cloud version 7.4.4 or above\nUpgrade to FortiTester version 7.6.0 or above\nUpgrade to FortiTester version 7.4.3 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.9 or above\nUpgrade to FortiManager version 7.6.2 or above\nUpgrade to FortiManager version 7.4.4 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiPAM version 1.4.0 or above\nFortinet remediated this issue in FortiSASE version 24.3.b and hence customers do not need to perform any action.\nUpgrade to FortiOS version 7.6.1 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.9 or above\nUpgrade to FortiOS version 7.0.16 or above\nUpgrade to FortiOS version 6.4.16 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiProxy version 7.4.5 or above\nUpgrade to FortiProxy version 7.2.11 or above\nUpgrade to FortiMail version 7.6.0 or above\nUpgrade to FortiMail version 7.4.3 or above\nUpgrade to FortiMail version 7.2.7 or above\nUpgrade to FortiWeb version 7.6.1 or above\nUpgrade to FortiWeb version 7.4.5 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-47569",
    "datePublished": "2025-10-14T15:23:03.965Z",
    "dateReserved": "2024-09-27T16:19:24.136Z",
    "dateUpdated": "2026-02-10T07:22:21.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40588 (GCVE-0-2024-40588)

Vulnerability from cvelistv5 – Published: 2025-08-12 18:59 – Updated: 2026-01-14 09:17

Summary

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

Severity ?

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C

CWE

CWE-23 - Improper access control

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-309

Impacted products

Vendor

Product

Version

Fortinet

FortiCamera

Affected: 2.1.0 , ≤ 2.1.4 (semver)
Affected: 2.0.0
Affected: 1.1.0 , ≤ 1.1.5 (semver)
Affected: 1.0.3 , ≤ 1.0.5 (semver)
    cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:*

Fortinet	FortiNDR	Affected: 7.6.0 , ≤ 7.6.1 (semver) Affected: 7.4.0 , ≤ 7.4.6 (semver) Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) cpe:2.3:a:fortinet:fortindr:7.6.1:::::::* cpe:2.3:a:fortinet:fortindr:7.6.0:::::::* cpe:2.3:a:fortinet:fortindr:7.4.6:::::::* cpe:2.3:a:fortinet:fortindr:7.4.5:::::::* cpe:2.3:a:fortinet:fortindr:7.4.4:::::::* cpe:2.3:a:fortinet:fortindr:7.4.3:::::::* cpe:2.3:a:fortinet:fortindr:7.4.2:::::::* cpe:2.3:a:fortinet:fortindr:7.4.1:::::::* cpe:2.3:a:fortinet:fortindr:7.4.0:::::::* cpe:2.3:a:fortinet:fortindr:7.2.5:::::::* cpe:2.3:a:fortinet:fortindr:7.2.4:::::::* cpe:2.3:a:fortinet:fortindr:7.2.3:::::::* cpe:2.3:a:fortinet:fortindr:7.2.2:::::::* cpe:2.3:a:fortinet:fortindr:7.2.1:::::::* cpe:2.3:a:fortinet:fortindr:7.2.0:::::::* cpe:2.3:a:fortinet:fortindr:7.1.1:::::::* cpe:2.3:a:fortinet:fortindr:7.1.0:::::::* cpe:2.3:a:fortinet:fortindr:7.0.7:::::::* cpe:2.3:a:fortinet:fortindr:7.0.6:::::::* cpe:2.3:a:fortinet:fortindr:7.0.5:::::::* cpe:2.3:a:fortinet:fortindr:7.0.4:::::::* cpe:2.3:a:fortinet:fortindr:7.0.3:::::::* cpe:2.3:a:fortinet:fortindr:7.0.2:::::::* cpe:2.3:a:fortinet:fortindr:7.0.1:::::::* cpe:2.3:a:fortinet:fortindr:7.0.0:::::::*
Fortinet	FortiMail	Affected: 7.6.0 , ≤ 7.6.1 (semver) Affected: 7.4.0 , ≤ 7.4.3 (semver) Affected: 7.2.0 , ≤ 7.2.9 (semver) Affected: 7.0.0 , ≤ 7.0.9 (semver) Affected: 6.4.0 , ≤ 6.4.8 (semver) cpe:2.3:a:fortinet:fortimail:7.6.1:::::::* cpe:2.3:a:fortinet:fortimail:7.6.0:::::::* cpe:2.3:a:fortinet:fortimail:7.4.3:::::::* cpe:2.3:a:fortinet:fortimail:7.4.2:::::::* cpe:2.3:a:fortinet:fortimail:7.4.1:::::::* cpe:2.3:a:fortinet:fortimail:7.4.0:::::::* cpe:2.3:a:fortinet:fortimail:7.2.9:::::::* cpe:2.3:a:fortinet:fortimail:7.2.8:::::::* cpe:2.3:a:fortinet:fortimail:7.2.7:::::::* cpe:2.3:a:fortinet:fortimail:7.2.6:::::::* cpe:2.3:a:fortinet:fortimail:7.2.5:::::::* cpe:2.3:a:fortinet:fortimail:7.2.4:::::::* cpe:2.3:a:fortinet:fortimail:7.2.3:::::::* cpe:2.3:a:fortinet:fortimail:7.2.2:::::::* cpe:2.3:a:fortinet:fortimail:7.2.1:::::::* cpe:2.3:a:fortinet:fortimail:7.2.0:::::::* cpe:2.3:a:fortinet:fortimail:7.0.9:::::::* cpe:2.3:a:fortinet:fortimail:7.0.8:::::::* cpe:2.3:a:fortinet:fortimail:7.0.7:::::::* cpe:2.3:a:fortinet:fortimail:7.0.6:::::::* cpe:2.3:a:fortinet:fortimail:7.0.5:::::::* cpe:2.3:a:fortinet:fortimail:7.0.4:::::::* cpe:2.3:a:fortinet:fortimail:7.0.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.2:::::::* cpe:2.3:a:fortinet:fortimail:7.0.1:::::::* cpe:2.3:a:fortinet:fortimail:7.0.0:::::::* cpe:2.3:a:fortinet:fortimail:6.4.8:::::::* cpe:2.3:a:fortinet:fortimail:6.4.7:::::::* cpe:2.3:a:fortinet:fortimail:6.4.6:::::::* cpe:2.3:a:fortinet:fortimail:6.4.5:::::::* cpe:2.3:a:fortinet:fortimail:6.4.4:::::::* cpe:2.3:a:fortinet:fortimail:6.4.3:::::::* cpe:2.3:a:fortinet:fortimail:6.4.2:::::::* cpe:2.3:a:fortinet:fortimail:6.4.1:::::::* cpe:2.3:a:fortinet:fortimail:6.4.0:::::::*
Fortinet	FortiRecorder	Affected: 7.2.0 , ≤ 7.2.1 (semver) Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 6.4.0 , ≤ 6.4.6 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.0:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.4:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.3:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.0:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.6:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.5:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.4:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.3:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.2:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.1:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.0:::::::*
Fortinet	FortiVoice	Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.4.0 , ≤ 6.4.9 (semver) Affected: 6.0.0 , ≤ 6.0.12 (semver) cpe:2.3:a:fortinet:fortivoice:7.0.3:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.2:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.1:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.0:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.9:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.8:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.7:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.6:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.5:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.4:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.3:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.2:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.1:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.0:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.12:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.11:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.10:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.9:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.8:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.7:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.6:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.5:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.4:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.3:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.2:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.1:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T19:38:50.113803Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T19:39:38.831Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiCamera",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "2.1.4",
              "status": "affected",
              "version": "2.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "lessThanOrEqual": "1.1.5",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.5",
              "status": "affected",
              "version": "1.0.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.1",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.6",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.1",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.6",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.9",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:17:11.543Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to upcoming  FortiCamera version 2.0.1 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.7 or above\nUpgrade to FortiMail version 7.6.2 or above\nUpgrade to FortiMail version 7.4.4 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiFone version 3.0.24 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-40588",
    "datePublished": "2025-08-12T18:59:11.807Z",
    "dateReserved": "2024-07-05T11:55:50.010Z",
    "dateUpdated": "2026-01-14T09:17:11.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-32756 (GCVE-0-2025-32756)

Vulnerability from cvelistv5 – Published: 2025-05-13 14:46 – Updated: 2026-01-15 12:54

Summary

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

Severity ?

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

CWE

CWE-121 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Impacted products

Vendor

Product

Version

Fortinet

FortiNDR

Affected: 7.6.0
Affected: 7.4.0 , ≤ 7.4.7 (semver)
Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.1.0 , ≤ 7.1.1 (semver)
Affected: 7.0.0 , ≤ 7.0.6 (semver)
Affected: 1.5.0 , ≤ 1.5.3 (semver)
Affected: 1.4.0
Affected: 1.3.0 , ≤ 1.3.1 (semver)
Affected: 1.2.0
Affected: 1.1.0
    cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*

Fortinet	FortiCamera	Affected: 2.1.0 , ≤ 2.1.3 (semver) Affected: 2.0.0 Affected: 1.1.0 , ≤ 1.1.5 (semver) cpe:2.3:a:fortinet:forticamera:2.1.3:::::::* cpe:2.3:a:fortinet:forticamera:2.1.2:::::::* cpe:2.3:a:fortinet:forticamera:2.1.1:::::::* cpe:2.3:a:fortinet:forticamera:2.1.0:::::::* cpe:2.3:a:fortinet:forticamera:2.0.0:::::::* cpe:2.3:a:fortinet:forticamera:1.1.5:::::::* cpe:2.3:a:fortinet:forticamera:1.1.4:::::::* cpe:2.3:a:fortinet:forticamera:1.1.3:::::::* cpe:2.3:a:fortinet:forticamera:1.1.2:::::::* cpe:2.3:a:fortinet:forticamera:1.1.1:::::::* cpe:2.3:a:fortinet:forticamera:1.1.0:::::::*
Fortinet	FortiRecorder	Affected: 7.2.0 , ≤ 7.2.3 (semver) Affected: 7.0.0 , ≤ 7.0.5 (semver) Affected: 6.4.0 , ≤ 6.4.5 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.3:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.0:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.5:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.4:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.3:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.0:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.5:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.4:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.3:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.2:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.1:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.0:::::::*
Fortinet	FortiVoice	Affected: 7.2.0 Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.4.0 , ≤ 6.4.10 (semver) cpe:2.3:a:fortinet:fortivoice:7.2.0:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.6:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.5:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.4:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.3:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.2:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.1:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.0:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.10:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.9:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.8:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.7:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.6:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.5:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.4:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.3:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.2:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.1:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.0:::::::*
Fortinet	FortiMail	Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.7 (semver) Affected: 7.0.0 , ≤ 7.0.8 (semver) cpe:2.3:a:fortinet:fortimail:7.6.2:::::::* cpe:2.3:a:fortinet:fortimail:7.6.1:::::::* cpe:2.3:a:fortinet:fortimail:7.6.0:::::::* cpe:2.3:a:fortinet:fortimail:7.4.4:::::::* cpe:2.3:a:fortinet:fortimail:7.4.3:::::::* cpe:2.3:a:fortinet:fortimail:7.4.2:::::::* cpe:2.3:a:fortinet:fortimail:7.4.1:::::::* cpe:2.3:a:fortinet:fortimail:7.4.0:::::::* cpe:2.3:a:fortinet:fortimail:7.2.7:::::::* cpe:2.3:a:fortinet:fortimail:7.2.6:::::::* cpe:2.3:a:fortinet:fortimail:7.2.5:::::::* cpe:2.3:a:fortinet:fortimail:7.2.4:::::::* cpe:2.3:a:fortinet:fortimail:7.2.3:::::::* cpe:2.3:a:fortinet:fortimail:7.2.2:::::::* cpe:2.3:a:fortinet:fortimail:7.2.1:::::::* cpe:2.3:a:fortinet:fortimail:7.2.0:::::::* cpe:2.3:a:fortinet:fortimail:7.0.8:::::::* cpe:2.3:a:fortinet:fortimail:7.0.7:::::::* cpe:2.3:a:fortinet:fortimail:7.0.6:::::::* cpe:2.3:a:fortinet:fortimail:7.0.5:::::::* cpe:2.3:a:fortinet:fortimail:7.0.4:::::::* cpe:2.3:a:fortinet:fortimail:7.0.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.2:::::::* cpe:2.3:a:fortinet:fortimail:7.0.1:::::::* cpe:2.3:a:fortinet:fortimail:7.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32756",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T04:01:18.017087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-05-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:16.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-05-14T00:00:00+00:00",
            "value": "CVE-2025-32756 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.7",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiCamera",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "2.1.3",
              "status": "affected",
              "version": "2.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "lessThanOrEqual": "1.1.5",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.5",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T12:54:22.845Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.8 or above\nUpgrade to FortiNDR version 7.2.5 or above\nUpgrade to FortiNDR version 7.0.7 or above\nUpgrade to FortiCamera version 2.1.4 or above\nUpgrade to FortiRecorder version 7.2.4 or above\nUpgrade to FortiRecorder version 7.0.6 or above\nUpgrade to FortiRecorder version 6.4.6 or above\nUpgrade to FortiVoice version 7.2.1 or above\nUpgrade to FortiVoice version 7.0.7 or above\nUpgrade to FortiVoice version 6.4.11 or above\nUpgrade to FortiMail version 7.6.3 or above\nUpgrade to FortiMail version 7.4.5 or above\nUpgrade to FortiMail version 7.2.8 or above\nUpgrade to FortiMail version 7.0.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-32756",
    "datePublished": "2025-05-13T14:46:44.208Z",
    "dateReserved": "2025-04-10T08:12:12.347Z",
    "dateUpdated": "2026-01-15T12:54:22.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-33302 (GCVE-0-2023-33302)

Vulnerability from cvelistv5 – Published: 2025-03-31 14:58 – Updated: 2025-03-31 15:30

Summary

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

Severity ?

4.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C

CWE

CWE-120 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-21-023

Impacted products

Vendor

Product

Version

Fortinet

FortiNDR

Affected: 7.2.0
Affected: 7.1.0
Affected: 7.0.0 , ≤ 7.0.6 (semver)
Affected: 1.5.0 , ≤ 1.5.3 (semver)
Affected: 1.4.0
Affected: 1.3.0 , ≤ 1.3.1 (semver)
Affected: 1.2.0
Affected: 1.1.0

Fortinet

FortiMail

Affected: 6.4.0 , ≤ 6.4.4 (semver)
Affected: 6.2.0 , ≤ 6.2.6 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
Affected: 5.4.0 , ≤ 5.4.12 (semver)
Affected: 5.3.12 , ≤ 5.3.13 (semver)
Affected: 5.3.0 , ≤ 5.3.10 (semver)
Affected: 5.2.0 , ≤ 5.2.10 (semver)
Affected: 5.1.0 , ≤ 5.1.7 (semver)
Affected: 5.0.0 , ≤ 5.0.11 (semver)
    cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33302",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T15:28:51.596601Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T15:30:12.990Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.6",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.12",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.13",
              "status": "affected",
              "version": "5.3.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.10",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.10",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.7",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.11",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Fortinet  FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-31T14:58:11.960Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above\nPlease upgrade to FortiMail version 6.2.7 or above\nPlease upgrade to FortiMail version 6.0.11 or above\nPlease upgrade to FortiNDR version 7.2.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-33302",
    "datePublished": "2025-03-31T14:58:11.960Z",
    "dateReserved": "2023-05-22T07:58:22.197Z",
    "dateUpdated": "2025-03-31T15:30:12.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26091 (GCVE-0-2021-26091)

Vulnerability from cvelistv5 – Published: 2025-03-24 15:37 – Updated: 2025-03-31 18:11

Summary

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials.

Severity ?

6.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C

CWE

CWE-338 - Improper Access Control

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/advisory/FG-IR-21-031

Impacted products

	Vendor	Product	Version
	Fortinet	FortiMail	Affected: 6.4.0 , ≤ 6.4.4 (semver) Affected: 6.2.0 , ≤ 6.2.9 (semver) Affected: 6.2.0 , < 6.2.* (semver) cpe:2.3:a:fortinet:fortimail:6.4.4:::::::* cpe:2.3:a:fortinet:fortimail:6.4.3:::::::* cpe:2.3:a:fortinet:fortimail:6.4.2:::::::* cpe:2.3:a:fortinet:fortimail:6.4.1:::::::* cpe:2.3:a:fortinet:fortimail:6.4.0:::::::* cpe:2.3:a:fortinet:fortimail:6.2.9:::::::* cpe:2.3:a:fortinet:fortimail:6.2.8:::::::* cpe:2.3:a:fortinet:fortimail:6.2.7:::::::* cpe:2.3:a:fortinet:fortimail:6.2.6:::::::* cpe:2.3:a:fortinet:fortimail:6.2.5:::::::* cpe:2.3:a:fortinet:fortimail:6.2.4:::::::* cpe:2.3:a:fortinet:fortimail:6.2.3:::::::* cpe:2.3:a:fortinet:fortimail:6.2.2:::::::* cpe:2.3:a:fortinet:fortimail:6.2.1:::::::* cpe:2.3:a:fortinet:fortimail:6.2.0:::::::* cpe:2.3:a:fortinet:fortimail:6.2.:::::::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26091",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T18:11:46.513539Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T18:11:58.179Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.2.*",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-24T15:37:58.370Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/advisory/FG-IR-21-031",
          "url": "https://fortiguard.com/advisory/FG-IR-21-031"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-26091",
    "datePublished": "2025-03-24T15:37:58.370Z",
    "dateReserved": "2021-01-25T14:47:15.092Z",
    "dateUpdated": "2025-03-31T18:11:58.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-47539 (GCVE-0-2023-47539)

Vulnerability from cvelistv5 – Published: 2025-03-18 13:56 – Updated: 2025-03-19 03:55

Summary

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.

Severity ?

9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X

CWE

CWE-284 - Improper access control

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-439

Impacted products

	Vendor	Product	Version
	Fortinet	FortiMail	Affected: 7.4.0 cpe:2.3:a:fortinet:fortimail:7.4.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-19T03:55:48.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-18T13:56:56.681Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-439",
          "url": "https://fortiguard.com/psirt/FG-IR-23-439"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiMail version 7.4.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-47539",
    "datePublished": "2025-03-18T13:56:56.681Z",
    "dateReserved": "2023-11-06T10:35:25.828Z",
    "dateUpdated": "2025-03-19T03:55:48.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46663 (GCVE-0-2024-46663)

Vulnerability from cvelistv5 – Published: 2025-03-11 14:54 – Updated: 2025-03-12 04:00

Summary

A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

CWE

CWE-121 - Escalation of privilege

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-331

Impacted products

	Vendor	Product	Version
	Fortinet	FortiMail	Affected: 7.6.0 , ≤ 7.6.1 (semver) Affected: 7.4.0 , ≤ 7.4.3 (semver) Affected: 7.2.0 , ≤ 7.2.7 (semver) Affected: 7.0.0 , ≤ 7.0.8 (semver) Affected: 6.4.0 , ≤ 6.4.8 (semver) cpe:2.3:a:fortinet:fortimail:7.6.1:::::::* cpe:2.3:a:fortinet:fortimail:7.6.0:::::::* cpe:2.3:a:fortinet:fortimail:7.4.3:::::::* cpe:2.3:a:fortinet:fortimail:7.4.2:::::::* cpe:2.3:a:fortinet:fortimail:7.4.1:::::::* cpe:2.3:a:fortinet:fortimail:7.4.0:::::::* cpe:2.3:a:fortinet:fortimail:7.2.7:::::::* cpe:2.3:a:fortinet:fortimail:7.2.6:::::::* cpe:2.3:a:fortinet:fortimail:7.2.5:::::::* cpe:2.3:a:fortinet:fortimail:7.2.4:::::::* cpe:2.3:a:fortinet:fortimail:7.2.3:::::::* cpe:2.3:a:fortinet:fortimail:7.2.2:::::::* cpe:2.3:a:fortinet:fortimail:7.2.1:::::::* cpe:2.3:a:fortinet:fortimail:7.2.0:::::::* cpe:2.3:a:fortinet:fortimail:7.0.8:::::::* cpe:2.3:a:fortinet:fortimail:7.0.7:::::::* cpe:2.3:a:fortinet:fortimail:7.0.6:::::::* cpe:2.3:a:fortinet:fortimail:7.0.5:::::::* cpe:2.3:a:fortinet:fortimail:7.0.4:::::::* cpe:2.3:a:fortinet:fortimail:7.0.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.2:::::::* cpe:2.3:a:fortinet:fortimail:7.0.1:::::::* cpe:2.3:a:fortinet:fortimail:7.0.0:::::::* cpe:2.3:a:fortinet:fortimail:6.4.8:::::::* cpe:2.3:a:fortinet:fortimail:6.4.7:::::::* cpe:2.3:a:fortinet:fortimail:6.4.6:::::::* cpe:2.3:a:fortinet:fortimail:6.4.5:::::::* cpe:2.3:a:fortinet:fortimail:6.4.4:::::::* cpe:2.3:a:fortinet:fortimail:6.4.3:::::::* cpe:2.3:a:fortinet:fortimail:6.4.2:::::::* cpe:2.3:a:fortinet:fortimail:6.4.1:::::::* cpe:2.3:a:fortinet:fortimail:6.4.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46663",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T04:00:58.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.1",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T14:54:31.928Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-331",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-331"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiMail version 7.6.2 or above \nPlease upgrade to FortiMail version 7.4.4 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-46663",
    "datePublished": "2025-03-11T14:54:31.928Z",
    "dateReserved": "2024-09-11T12:14:59.204Z",
    "dateUpdated": "2025-03-12T04:00:58.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23439 (GCVE-0-2022-23439)

Vulnerability from cvelistv5 – Published: 2025-01-22 09:10 – Updated: 2026-01-14 13:06

Summary

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver

Severity ?

4.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

CWE

CWE-610 - Improper access control

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-494

Impacted products

Vendor

Product

Version

Fortinet

FortiTester

Affected: 7.2.0 , ≤ 7.2.1 (semver)
Affected: 7.1.0 , ≤ 7.1.1 (semver)
Affected: 7.0.0
Affected: 4.2.0 , ≤ 4.2.1 (semver)
Affected: 4.1.0 , ≤ 4.1.1 (semver)
Affected: 4.0.0
Affected: 3.9.0 , ≤ 3.9.2 (semver)
Affected: 3.8.0
Affected: 3.7.0 , ≤ 3.7.1 (semver)
Affected: 3.6.0
Affected: 3.5.0 , ≤ 3.5.1 (semver)
Affected: 3.4.0
Affected: 3.3.0 , ≤ 3.3.1 (semver)
    cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortitester:3.3.0:*:*:*:*:*:*:*

Fortinet	FortiOS	Affected: 7.2.0 Affected: 7.0.0 , ≤ 7.0.5 (semver) Affected: 6.4.0 , ≤ 6.4.16 (semver) Affected: 6.2.0 , ≤ 6.2.17 (semver) Affected: 6.0.0 , ≤ 6.0.18 (semver) Affected: 6.4.0 , < 6.4.* (semver) cpe:2.3:o:fortinet:fortios:7.2.0:::::::* cpe:2.3:o:fortinet:fortios:7.0.5:::::::* cpe:2.3:o:fortinet:fortios:7.0.4:::::::* cpe:2.3:o:fortinet:fortios:7.0.3:::::::* cpe:2.3:o:fortinet:fortios:7.0.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.1:::::::* cpe:2.3:o:fortinet:fortios:7.0.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.16:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.0:::::::* cpe:2.3:o:fortinet:fortios:6.2.17:::::::* cpe:2.3:o:fortinet:fortios:6.2.16:::::::* cpe:2.3:o:fortinet:fortios:6.2.15:::::::* cpe:2.3:o:fortinet:fortios:6.2.14:::::::* cpe:2.3:o:fortinet:fortios:6.2.13:::::::* cpe:2.3:o:fortinet:fortios:6.2.12:::::::* cpe:2.3:o:fortinet:fortios:6.2.11:::::::* cpe:2.3:o:fortinet:fortios:6.2.10:::::::* cpe:2.3:o:fortinet:fortios:6.2.9:::::::* cpe:2.3:o:fortinet:fortios:6.2.8:::::::* cpe:2.3:o:fortinet:fortios:6.2.7:::::::* cpe:2.3:o:fortinet:fortios:6.2.6:::::::* cpe:2.3:o:fortinet:fortios:6.2.5:::::::* cpe:2.3:o:fortinet:fortios:6.2.4:::::::* cpe:2.3:o:fortinet:fortios:6.2.3:::::::* cpe:2.3:o:fortinet:fortios:6.2.2:::::::* cpe:2.3:o:fortinet:fortios:6.2.1:::::::* cpe:2.3:o:fortinet:fortios:6.2.0:::::::* cpe:2.3:o:fortinet:fortios:6.0.18:::::::* cpe:2.3:o:fortinet:fortios:6.0.17:::::::* cpe:2.3:o:fortinet:fortios:6.0.16:::::::* cpe:2.3:o:fortinet:fortios:6.0.15:::::::* cpe:2.3:o:fortinet:fortios:6.0.14:::::::* cpe:2.3:o:fortinet:fortios:6.0.13:::::::* cpe:2.3:o:fortinet:fortios:6.0.12:::::::* cpe:2.3:o:fortinet:fortios:6.0.11:::::::* cpe:2.3:o:fortinet:fortios:6.0.10:::::::* cpe:2.3:o:fortinet:fortios:6.0.9:::::::* cpe:2.3:o:fortinet:fortios:6.0.8:::::::* cpe:2.3:o:fortinet:fortios:6.0.7:::::::* cpe:2.3:o:fortinet:fortios:6.0.6:::::::* cpe:2.3:o:fortinet:fortios:6.0.5:::::::* cpe:2.3:o:fortinet:fortios:6.0.4:::::::* cpe:2.3:o:fortinet:fortios:6.0.3:::::::* cpe:2.3:o:fortinet:fortios:6.0.2:::::::* cpe:2.3:o:fortinet:fortios:6.0.1:::::::* cpe:2.3:o:fortinet:fortios:6.0.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.:::::::
Fortinet	FortiRecorder	Affected: 6.4.0 , ≤ 6.4.2 (semver) Affected: 6.0.0 , ≤ 6.0.10 (semver) Affected: 2.7.0 , ≤ 2.7.7 (semver) Affected: 2.6.0 , ≤ 2.6.3 (semver) cpe:2.3:a:fortinet:fortirecorder:6.4.2:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.1:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.0:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.10:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.9:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.8:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.7:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.6:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.5:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.4:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.3:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.2:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.1:::::::* cpe:2.3:a:fortinet:fortirecorder:6.0.0:::::::* cpe:2.3:a:fortinet:fortirecorder:2.7.7:::::::* cpe:2.3:a:fortinet:fortirecorder:2.7.6:::::::* cpe:2.3:a:fortinet:fortirecorder:2.7.5:::::::* cpe:2.3:a:fortinet:fortirecorder:2.7.4:::::::* cpe:2.3:a:fortinet:fortirecorder:2.7.3:::::::* cpe:2.3:a:fortinet:fortirecorder:2.7.2:::::::* cpe:2.3:a:fortinet:fortirecorder:2.7.1:::::::* cpe:2.3:a:fortinet:fortirecorder:2.7.0:::::::* cpe:2.3:a:fortinet:fortirecorder:2.6.3:::::::* cpe:2.3:a:fortinet:fortirecorder:2.6.2:::::::* cpe:2.3:a:fortinet:fortirecorder:2.6.1:::::::* cpe:2.3:a:fortinet:fortirecorder:2.6.0:::::::*
Fortinet	FortiNDR	Affected: 7.2.0 Affected: 7.1.0 Affected: 7.0.0 , ≤ 7.0.7 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) Affected: 1.4.0 Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 cpe:2.3:a:fortinet:fortindr:7.2.0:::::::* cpe:2.3:a:fortinet:fortindr:7.1.0:::::::* cpe:2.3:a:fortinet:fortindr:7.0.7:::::::* cpe:2.3:a:fortinet:fortindr:7.0.6:::::::* cpe:2.3:a:fortinet:fortindr:7.0.5:::::::* cpe:2.3:a:fortinet:fortindr:7.0.4:::::::* cpe:2.3:a:fortinet:fortindr:7.0.3:::::::* cpe:2.3:a:fortinet:fortindr:7.0.2:::::::* cpe:2.3:a:fortinet:fortindr:7.0.1:::::::* cpe:2.3:a:fortinet:fortindr:7.0.0:::::::* cpe:2.3:a:fortinet:fortindr:1.5.3:::::::* cpe:2.3:a:fortinet:fortindr:1.5.2:::::::* cpe:2.3:a:fortinet:fortindr:1.5.1:::::::* cpe:2.3:a:fortinet:fortindr:1.5.0:::::::* cpe:2.3:a:fortinet:fortindr:1.4.0:::::::* cpe:2.3:a:fortinet:fortindr:1.3.1:::::::* cpe:2.3:a:fortinet:fortindr:1.3.0:::::::* cpe:2.3:a:fortinet:fortindr:1.2.0:::::::* cpe:2.3:a:fortinet:fortindr:1.1.0:::::::*
Fortinet	FortiADC	Affected: 7.0.0 , ≤ 7.0.1 (semver) Affected: 6.2.0 , ≤ 6.2.3 (semver) Affected: 6.1.0 , ≤ 6.1.6 (semver) Affected: 6.0.0 , ≤ 6.0.4 (semver) Affected: 5.4.0 , ≤ 5.4.5 (semver) Affected: 5.3.0 , ≤ 5.3.7 (semver) Affected: 5.2.0 , ≤ 5.2.8 (semver) Affected: 5.1.0 , ≤ 5.1.7 (semver) Affected: 5.0.0 , ≤ 5.0.4 (semver) cpe:2.3:h:fortinet:fortiadc:7.0.1:::::::* cpe:2.3:h:fortinet:fortiadc:7.0.0:::::::* cpe:2.3:h:fortinet:fortiadc:6.2.3:::::::* cpe:2.3:h:fortinet:fortiadc:6.2.2:::::::* cpe:2.3:h:fortinet:fortiadc:6.2.1:::::::* cpe:2.3:h:fortinet:fortiadc:6.2.0:::::::* cpe:2.3:h:fortinet:fortiadc:6.1.6:::::::* cpe:2.3:h:fortinet:fortiadc:6.1.5:::::::* cpe:2.3:h:fortinet:fortiadc:6.1.4:::::::* cpe:2.3:h:fortinet:fortiadc:6.1.3:::::::* cpe:2.3:h:fortinet:fortiadc:6.1.2:::::::* cpe:2.3:h:fortinet:fortiadc:6.1.1:::::::* cpe:2.3:h:fortinet:fortiadc:6.1.0:::::::* cpe:2.3:h:fortinet:fortiadc:6.0.4:::::::* cpe:2.3:h:fortinet:fortiadc:6.0.3:::::::* cpe:2.3:h:fortinet:fortiadc:6.0.2:::::::* cpe:2.3:h:fortinet:fortiadc:6.0.1:::::::* cpe:2.3:h:fortinet:fortiadc:6.0.0:::::::* cpe:2.3:h:fortinet:fortiadc:5.4.5:::::::* cpe:2.3:h:fortinet:fortiadc:5.4.4:::::::* cpe:2.3:h:fortinet:fortiadc:5.4.3:::::::* cpe:2.3:h:fortinet:fortiadc:5.4.2:::::::* cpe:2.3:h:fortinet:fortiadc:5.4.1:::::::* cpe:2.3:h:fortinet:fortiadc:5.4.0:::::::* cpe:2.3:h:fortinet:fortiadc:5.3.7:::::::* cpe:2.3:h:fortinet:fortiadc:5.3.6:::::::* cpe:2.3:h:fortinet:fortiadc:5.3.5:::::::* cpe:2.3:h:fortinet:fortiadc:5.3.4:::::::* cpe:2.3:h:fortinet:fortiadc:5.3.3:::::::* cpe:2.3:h:fortinet:fortiadc:5.3.2:::::::* cpe:2.3:h:fortinet:fortiadc:5.3.1:::::::* cpe:2.3:h:fortinet:fortiadc:5.3.0:::::::* cpe:2.3:h:fortinet:fortiadc:5.2.8:::::::* cpe:2.3:h:fortinet:fortiadc:5.2.7:::::::* cpe:2.3:h:fortinet:fortiadc:5.2.6:::::::* cpe:2.3:h:fortinet:fortiadc:5.2.5:::::::* cpe:2.3:h:fortinet:fortiadc:5.2.4:::::::* cpe:2.3:h:fortinet:fortiadc:5.2.3:::::::* cpe:2.3:h:fortinet:fortiadc:5.2.2:::::::* cpe:2.3:h:fortinet:fortiadc:5.2.1:::::::* cpe:2.3:h:fortinet:fortiadc:5.2.0:::::::* cpe:2.3:h:fortinet:fortiadc:5.1.7:::::::* cpe:2.3:h:fortinet:fortiadc:5.1.6:::::::* cpe:2.3:h:fortinet:fortiadc:5.1.5:::::::* cpe:2.3:h:fortinet:fortiadc:5.1.4:::::::* cpe:2.3:h:fortinet:fortiadc:5.1.3:::::::* cpe:2.3:h:fortinet:fortiadc:5.1.2:::::::* cpe:2.3:h:fortinet:fortiadc:5.1.1:::::::* cpe:2.3:h:fortinet:fortiadc:5.1.0:::::::* cpe:2.3:h:fortinet:fortiadc:5.0.4:::::::* cpe:2.3:h:fortinet:fortiadc:5.0.3:::::::* cpe:2.3:h:fortinet:fortiadc:5.0.2:::::::* cpe:2.3:h:fortinet:fortiadc:5.0.1:::::::* cpe:2.3:h:fortinet:fortiadc:5.0.0:::::::*
Fortinet	FortiManager	Affected: 7.4.0 , ≤ 7.4.3 (semver) Affected: 7.2.0 , ≤ 7.2.11 (semver) Affected: 7.0.0 , ≤ 7.0.15 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) Affected: 6.2.0 , ≤ 6.2.13 (semver) cpe:2.3:o:fortinet:fortimanager:7.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.11:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.10:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.9:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.8:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.15:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.14:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.13:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.12:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.11:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.10:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.9:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.8:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.0:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.15:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.14:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.13:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.10:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.9:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.8:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.7:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.6:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.4:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.13:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.10:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.9:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.8:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.7:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.6:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.0:::::::*
Fortinet	FortiVoice	Affected: 7.0.0 , ≤ 7.0.1 (semver) Affected: 6.4.0 , ≤ 6.4.8 (semver) Affected: 6.0.0 , ≤ 6.0.11 (semver) cpe:2.3:a:fortinet:fortivoice:7.0.1:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.0:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.8:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.7:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.6:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.5:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.4:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.3:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.2:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.1:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.0:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.11:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.10:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.9:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.8:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.7:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.6:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.5:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.4:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.3:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.2:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.1:::::::* cpe:2.3:a:fortinet:fortivoice:6.0.0:::::::*
Fortinet	FortiSOAR on-premise	Affected: 7.2.0 , ≤ 7.2.2 (semver) Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.4.3 , ≤ 6.4.4 (semver) Affected: 6.4.0 , ≤ 6.4.1 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.2.2:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:7.2.1:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:7.2.0:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:7.0.3:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:7.0.2:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:7.0.1:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:7.0.0:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:6.4.4:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:6.4.3:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:6.4.1:::::::* cpe:2.3:a:fortinet:fortisoaron-premise:6.4.0:::::::*
Fortinet	FortiDDoS	Affected: 5.5.0 , ≤ 5.5.1 (semver) Affected: 5.4.0 , ≤ 5.4.3 (semver) Affected: 5.3.0 , ≤ 5.3.2 (semver) Affected: 5.2.0 Affected: 5.1.0 Affected: 5.0.0 Affected: 4.7.0 Affected: 4.6.0 Affected: 4.5.0 cpe:2.3:o:fortinet:fortiddos:5.5.1:::::::* cpe:2.3:o:fortinet:fortiddos:5.5.0:::::::* cpe:2.3:o:fortinet:fortiddos:5.4.3:::::::* cpe:2.3:o:fortinet:fortiddos:5.4.2:::::::* cpe:2.3:o:fortinet:fortiddos:5.4.1:::::::* cpe:2.3:o:fortinet:fortiddos:5.4.0:::::::* cpe:2.3:o:fortinet:fortiddos:5.3.2:::::::* cpe:2.3:o:fortinet:fortiddos:5.3.1:::::::* cpe:2.3:o:fortinet:fortiddos:5.3.0:::::::* cpe:2.3:o:fortinet:fortiddos:5.2.0:::::::* cpe:2.3:o:fortinet:fortiddos:5.1.0:::::::* cpe:2.3:o:fortinet:fortiddos:5.0.0:::::::* cpe:2.3:o:fortinet:fortiddos:4.7.0:::::::* cpe:2.3:o:fortinet:fortiddos:4.6.0:::::::* cpe:2.3:o:fortinet:fortiddos:4.5.0:::::::*
Fortinet	FortiWLC	Affected: 8.6.0 , ≤ 8.6.7 (semver) Affected: 8.5.0 , ≤ 8.5.5 (semver) Affected: 8.4.4 , ≤ 8.4.8 (semver) Affected: 8.4.0 , ≤ 8.4.2 (semver) cpe:2.3:a:fortinet:fortiwlc:8.6.7:::::::* cpe:2.3:a:fortinet:fortiwlc:8.6.6:::::::* cpe:2.3:a:fortinet:fortiwlc:8.6.5:::::::* cpe:2.3:a:fortinet:fortiwlc:8.6.4:::::::* cpe:2.3:a:fortinet:fortiwlc:8.6.3:::::::* cpe:2.3:a:fortinet:fortiwlc:8.6.2:::::::* cpe:2.3:a:fortinet:fortiwlc:8.6.1:::::::* cpe:2.3:a:fortinet:fortiwlc:8.6.0:::::::* cpe:2.3:a:fortinet:fortiwlc:8.5.5:::::::* cpe:2.3:a:fortinet:fortiwlc:8.5.4:::::::* cpe:2.3:a:fortinet:fortiwlc:8.5.3:::::::* cpe:2.3:a:fortinet:fortiwlc:8.5.2:::::::* cpe:2.3:a:fortinet:fortiwlc:8.5.1:::::::* cpe:2.3:a:fortinet:fortiwlc:8.5.0:::::::* cpe:2.3:a:fortinet:fortiwlc:8.4.8:::::::* cpe:2.3:a:fortinet:fortiwlc:8.4.7:::::::* cpe:2.3:a:fortinet:fortiwlc:8.4.6:::::::* cpe:2.3:a:fortinet:fortiwlc:8.4.5:::::::* cpe:2.3:a:fortinet:fortiwlc:8.4.4:::::::* cpe:2.3:a:fortinet:fortiwlc:8.4.2:::::::* cpe:2.3:a:fortinet:fortiwlc:8.4.1:::::::* cpe:2.3:a:fortinet:fortiwlc:8.4.0:::::::*
Fortinet	FortiAnalyzer	Affected: 7.4.0 , ≤ 7.4.2 (semver) Affected: 7.2.0 , ≤ 7.2.11 (semver) Affected: 7.0.0 , ≤ 7.0.15 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) Affected: 6.2.0 , ≤ 6.2.13 (semver) cpe:2.3:o:fortinet:fortianalyzer:7.4.2:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.11:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.10:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.9:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.8:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.7:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.6:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.5:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.4:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.3:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.2:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.1:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.2.0:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.15:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.14:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.13:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.12:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.11:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.10:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.9:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.8:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.7:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.6:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.5:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.4:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.3:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.2:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.1:::::::* cpe:2.3:o:fortinet:fortianalyzer:7.0.0:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.15:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.14:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.13:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.12:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.11:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.10:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.9:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.8:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.7:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.6:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.5:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.4:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.3:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.2:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.1:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.4.0:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.13:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.12:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.11:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.10:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.9:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.8:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.7:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.6:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.5:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.4:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.3:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.2:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.1:::::::* cpe:2.3:o:fortinet:fortianalyzer:6.2.0:::::::*
Fortinet	FortiPortal	Affected: 6.0.0 , ≤ 6.0.9 (semver) cpe:2.3:a:fortinet:fortiportal:6.0.9:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.8:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.7:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.6:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.5:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.4:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.3:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.2:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.1:::::::* cpe:2.3:a:fortinet:fortiportal:6.0.0:::::::*
Fortinet	FortiAuthenticator	Affected: 6.4.0 , ≤ 6.4.1 (semver) Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.2 (semver) Affected: 6.1.0 , ≤ 6.1.3 (semver) Affected: 6.0.0 , ≤ 6.0.8 (semver) Affected: 5.5.0 Affected: 5.4.0 , ≤ 5.4.1 (semver) Affected: 5.3.0 , ≤ 5.3.1 (semver) Affected: 5.2.0 , ≤ 5.2.2 (semver) Affected: 5.1.0 , ≤ 5.1.2 (semver) cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:::::::*
Fortinet	FortiMail	Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.4.0 , ≤ 6.4.8 (semver) Affected: 6.2.0 , ≤ 6.2.9 (semver) Affected: 6.0.0 , ≤ 6.0.12 (semver) Affected: 5.4.0 , ≤ 5.4.12 (semver) cpe:2.3:a:fortinet:fortimail:7.0.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.2:::::::* cpe:2.3:a:fortinet:fortimail:7.0.1:::::::* cpe:2.3:a:fortinet:fortimail:7.0.0:::::::* cpe:2.3:a:fortinet:fortimail:6.4.8:::::::* cpe:2.3:a:fortinet:fortimail:6.4.7:::::::* cpe:2.3:a:fortinet:fortimail:6.4.6:::::::* cpe:2.3:a:fortinet:fortimail:6.4.5:::::::* cpe:2.3:a:fortinet:fortimail:6.4.4:::::::* cpe:2.3:a:fortinet:fortimail:6.4.3:::::::* cpe:2.3:a:fortinet:fortimail:6.4.2:::::::* cpe:2.3:a:fortinet:fortimail:6.4.1:::::::* cpe:2.3:a:fortinet:fortimail:6.4.0:::::::* cpe:2.3:a:fortinet:fortimail:6.2.9:::::::* cpe:2.3:a:fortinet:fortimail:6.2.8:::::::* cpe:2.3:a:fortinet:fortimail:6.2.7:::::::* cpe:2.3:a:fortinet:fortimail:6.2.6:::::::* cpe:2.3:a:fortinet:fortimail:6.2.5:::::::* cpe:2.3:a:fortinet:fortimail:6.2.4:::::::* cpe:2.3:a:fortinet:fortimail:6.2.3:::::::* cpe:2.3:a:fortinet:fortimail:6.2.2:::::::* cpe:2.3:a:fortinet:fortimail:6.2.1:::::::* cpe:2.3:a:fortinet:fortimail:6.2.0:::::::* cpe:2.3:a:fortinet:fortimail:6.0.12:::::::* cpe:2.3:a:fortinet:fortimail:6.0.11:::::::* cpe:2.3:a:fortinet:fortimail:6.0.10:::::::* cpe:2.3:a:fortinet:fortimail:6.0.9:::::::* cpe:2.3:a:fortinet:fortimail:6.0.8:::::::* cpe:2.3:a:fortinet:fortimail:6.0.7:::::::* cpe:2.3:a:fortinet:fortimail:6.0.6:::::::* cpe:2.3:a:fortinet:fortimail:6.0.5:::::::* cpe:2.3:a:fortinet:fortimail:6.0.4:::::::* cpe:2.3:a:fortinet:fortimail:6.0.3:::::::* cpe:2.3:a:fortinet:fortimail:6.0.2:::::::* cpe:2.3:a:fortinet:fortimail:6.0.1:::::::* cpe:2.3:a:fortinet:fortimail:6.0.0:::::::* cpe:2.3:a:fortinet:fortimail:5.4.12:::::::* cpe:2.3:a:fortinet:fortimail:5.4.11:::::::* cpe:2.3:a:fortinet:fortimail:5.4.10:::::::* cpe:2.3:a:fortinet:fortimail:5.4.9:::::::* cpe:2.3:a:fortinet:fortimail:5.4.8:::::::* cpe:2.3:a:fortinet:fortimail:5.4.7:::::::* cpe:2.3:a:fortinet:fortimail:5.4.6:::::::* cpe:2.3:a:fortinet:fortimail:5.4.5:::::::* cpe:2.3:a:fortinet:fortimail:5.4.4:::::::* cpe:2.3:a:fortinet:fortimail:5.4.3:::::::* cpe:2.3:a:fortinet:fortimail:5.4.2:::::::* cpe:2.3:a:fortinet:fortimail:5.4.1:::::::* cpe:2.3:a:fortinet:fortimail:5.4.0:::::::*
Fortinet	FortiDDoS-F	Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.3 (semver) Affected: 6.1.0 , ≤ 6.1.5 (semver) cpe:2.3:o:fortinet:fortiddos-f:6.3.3:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.3.2:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.3.1:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.3.0:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.2.3:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.2.2:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.2.1:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.2.0:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.1.5:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.1.4:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.1.3:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.1.2:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.1.1:::::::* cpe:2.3:o:fortinet:fortiddos-f:6.1.0:::::::*
Fortinet	FortiSwitch	Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 6.4.0 , ≤ 6.4.10 (semver) Affected: 6.2.0 , ≤ 6.2.8 (semver) Affected: 6.0.0 , ≤ 6.0.7 (semver) cpe:2.3:a:fortinet:fortiswitch:7.0.4:::::::* cpe:2.3:a:fortinet:fortiswitch:7.0.3:::::::* cpe:2.3:a:fortinet:fortiswitch:7.0.2:::::::* cpe:2.3:a:fortinet:fortiswitch:7.0.1:::::::* cpe:2.3:a:fortinet:fortiswitch:7.0.0:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.10:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.9:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.8:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.7:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.6:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.5:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.4:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.3:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.2:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.1:::::::* cpe:2.3:a:fortinet:fortiswitch:6.4.0:::::::* cpe:2.3:a:fortinet:fortiswitch:6.2.8:::::::* cpe:2.3:a:fortinet:fortiswitch:6.2.7:::::::* cpe:2.3:a:fortinet:fortiswitch:6.2.6:::::::* cpe:2.3:a:fortinet:fortiswitch:6.2.5:::::::* cpe:2.3:a:fortinet:fortiswitch:6.2.4:::::::* cpe:2.3:a:fortinet:fortiswitch:6.2.3:::::::* cpe:2.3:a:fortinet:fortiswitch:6.2.2:::::::* cpe:2.3:a:fortinet:fortiswitch:6.2.1:::::::* cpe:2.3:a:fortinet:fortiswitch:6.2.0:::::::* cpe:2.3:a:fortinet:fortiswitch:6.0.7:::::::* cpe:2.3:a:fortinet:fortiswitch:6.0.6:::::::* cpe:2.3:a:fortinet:fortiswitch:6.0.5:::::::* cpe:2.3:a:fortinet:fortiswitch:6.0.4:::::::* cpe:2.3:a:fortinet:fortiswitch:6.0.3:::::::* cpe:2.3:a:fortinet:fortiswitch:6.0.2:::::::* cpe:2.3:a:fortinet:fortiswitch:6.0.1:::::::* cpe:2.3:a:fortinet:fortiswitch:6.0.0:::::::*
Fortinet	FortiProxy	Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 2.0.0 , ≤ 2.0.14 (semver) Affected: 1.2.0 , ≤ 1.2.13 (semver) Affected: 1.1.0 , ≤ 1.1.6 (semver) Affected: 1.0.0 , ≤ 1.0.7 (semver) cpe:2.3:a:fortinet:fortiproxy:7.0.4:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.3:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.2:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.1:::::::* cpe:2.3:a:fortinet:fortiproxy:7.0.0:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.14:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.13:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.12:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.11:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.10:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.9:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.8:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.7:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.6:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.5:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.4:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.3:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.2:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.1:::::::* cpe:2.3:a:fortinet:fortiproxy:2.0.0:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.13:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.12:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.11:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.10:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.9:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.8:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.7:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.6:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.5:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.4:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.3:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.2:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.1:::::::* cpe:2.3:a:fortinet:fortiproxy:1.2.0:::::::* cpe:2.3:a:fortinet:fortiproxy:1.1.6:::::::* cpe:2.3:a:fortinet:fortiproxy:1.1.5:::::::* cpe:2.3:a:fortinet:fortiproxy:1.1.4:::::::* cpe:2.3:a:fortinet:fortiproxy:1.1.3:::::::* cpe:2.3:a:fortinet:fortiproxy:1.1.2:::::::* cpe:2.3:a:fortinet:fortiproxy:1.1.1:::::::* cpe:2.3:a:fortinet:fortiproxy:1.1.0:::::::* cpe:2.3:a:fortinet:fortiproxy:1.0.7:::::::* cpe:2.3:a:fortinet:fortiproxy:1.0.6:::::::* cpe:2.3:a:fortinet:fortiproxy:1.0.5:::::::* cpe:2.3:a:fortinet:fortiproxy:1.0.4:::::::* cpe:2.3:a:fortinet:fortiproxy:1.0.3:::::::* cpe:2.3:a:fortinet:fortiproxy:1.0.2:::::::* cpe:2.3:a:fortinet:fortiproxy:1.0.1:::::::* cpe:2.3:a:fortinet:fortiproxy:1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-22T14:21:27.552014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-22T14:21:36.714Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:4.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:4.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:4.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.9.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.9.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortitester:3.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiTester",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "4.2.1",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.1",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "lessThanOrEqual": "3.9.2",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.8.0"
            },
            {
              "lessThanOrEqual": "3.7.1",
              "status": "affected",
              "version": "3.7.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.6.0"
            },
            {
              "lessThanOrEqual": "3.5.1",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.17",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.4.*",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.2",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.7.7",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.6.3",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiADC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.6",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.5",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.7",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.8",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.7",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.4",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.11",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.5.1",
              "status": "affected",
              "version": "5.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.3",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.2",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            },
            {
              "status": "affected",
              "version": "4.6.0"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiWLC",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "8.6.7",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.5",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.2",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.11",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.9",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAuthenticator",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.1",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.2",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.3",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.8",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.5.0"
            },
            {
              "lessThanOrEqual": "5.4.1",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.1",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.2",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.2",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.12",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiDDoS-F",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.3",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.5",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSwitch",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.8",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.7",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.14",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.13",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.6",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A externally controlled reference to a resource in another sphere vulnerability in Fortinet  allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T13:06:07.365Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-494",
          "url": "https://fortiguard.com/psirt/FG-IR-23-494"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "FortiOS\nAdministrative Interface\nUpgrade to FortiOS version 7.0.6 and above,\nUpgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nUpgrade to FortiOS version 7.4.0 or above\nUpgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nUpgrade to FortiOS version 7.4.0 or above\nUpgrade to FortiOS version 7.2.5 or above\nUpgrade to FortiOS version 7.0.12 or above\nUpgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nUpgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nUpgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter\u00a0interface (port 8008)\nUpgrade to FortiProxy version 7.4.0 or above\n\nUpgrade to FortiRecorder version 7.0.0 or above \nUpgrade to FortiRecorder version 6.4.3 or above \nUpgrade to FortiRecorder version 6.0.11 or above \nUpgrade to FortiNDR version 7.4.0 or above\n\nFortiAnalyzer \u0026 FortiManager\n\nUpgrade to version 7.6.0 or above \nUpgrade to version 7.4.4 or above \n\nSet the `admin-host` property to the device hostname, which will disable `Host redirection` for administrative interface.\nconfig system global\n    set admin-host  \nend\n\nFortiNDR\nUpgrade to FortiNDR version 7.2.1 or above\nUpgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set https-redirect-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\nend\n\nFortiADC\nUpgrade to FortiADC version 7.1.0 or above\nUpgrade to FortiADC version 7.0.2 or above\nUpgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nFortiDDOS-F\nUpgrade to FortiDDoS-F version 6.4.0 or above\nUpgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host  \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\" \n\nUpgrade to FortiSwitch version 7.2.0 or above \nUpgrade to FortiSwitch version 7.0.5 or above \nUpgrade to FortiSwitch version 6.4.11 or above \nUpgrade to FortiVoice version 7.0.2 or above\nUpgrade to FortiVoice version 6.4.9 or above\nUpgrade to FortiMail version 7.2.0 or above \nUpgrade to FortiMail version 7.0.4 or above \nUpgrade to FortiWLC version 8.6.7 or above \nUpgrade to FortiAuthenticator version 6.4.2 or above \nUpgrade to FortiAuthenticator version 6.3.4 or above \nUpgrade to FortiDDoS version 5.6.0 or above \nUpgrade to FortiDDoS version 5.5.2 or above \nUpgrade to FortiSOAR version 7.3.0 or above \nUpgrade to FortiTester version 7.3.0 or above \nUpgrade to FortiTester version 7.2.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-23439",
    "datePublished": "2025-01-22T09:10:28.669Z",
    "dateReserved": "2022-01-19T07:38:03.512Z",
    "dateUpdated": "2026-01-14T13:06:07.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-56497 (GCVE-0-2024-56497)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-01-14 20:55

Summary

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X

CWE

CWE-78 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-23-170

Impacted products

Vendor

Product

Version

Fortinet

FortiMail

Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.6 (semver)
Affected: 6.4.0 , ≤ 6.4.7 (semver)
    cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*

Fortinet

FortiRecorder

Affected: 7.0.0
Affected: 6.4.0 , ≤ 6.4.4 (semver)
    cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56497",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:16:38.876441Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T20:55:21.625Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.7",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:27.433Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-170",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-170"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiMail version 7.4.0 or above \nPlease upgrade to FortiMail version 7.2.5 or above \nPlease upgrade to FortiMail version 7.0.7 or above \nPlease upgrade to FortiMail version 6.4.8 or above \nPlease upgrade to FortiRecorder version 7.2.0 or above \nPlease upgrade to FortiRecorder version 7.0.2 or above \nPlease upgrade to FortiRecorder version 6.4.5 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-56497",
    "datePublished": "2025-01-14T14:09:27.433Z",
    "dateReserved": "2024-12-26T15:39:07.871Z",
    "dateUpdated": "2025-01-14T20:55:21.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27488 (GCVE-0-2022-27488)

Vulnerability from cvelistv5 – Published: 2023-12-13 06:39 – Updated: 2024-08-03 05:32

Summary

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C

CWE

CWE-352 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-22-038

Impacted products

Vendor

Product

Version

Fortinet

FortiVoice

Affected: 6.4.0 , ≤ 6.4.7 (semver)
Affected: 6.0.0 , ≤ 6.0.11 (semver)

Fortinet	FortiRecorder	Affected: 6.4.0 , ≤ 6.4.2 (semver) Affected: 6.0.0 , ≤ 6.0.11 (semver) Affected: 2.7.0 , ≤ 2.7.7 (semver) Affected: 2.6.0 , ≤ 2.6.3 (semver)
Fortinet	FortiSwitch	Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 6.4.0 , ≤ 6.4.10 (semver) Affected: 6.2.0 , ≤ 6.2.8 (semver) Affected: 6.0.0 , ≤ 6.0.7 (semver)
Fortinet	FortiNDR	Affected: 7.1.0 Affected: 7.0.0 , ≤ 7.0.4 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) Affected: 1.4.0 Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0
Fortinet	FortiMail	Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.4.0 , ≤ 6.4.6 (semver) Affected: 6.2.0 , ≤ 6.2.9 (semver) Affected: 6.0.0 , ≤ 6.0.12 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:57.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-038",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-038"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.7",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.4.2",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.7.7",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.6.3",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiSwitch",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.8",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.7",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.6",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via\u00a0tricking an authenticated administrator to execute malicious GET requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-13T06:39:42.998Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-038",
          "url": "https://fortiguard.com/psirt/FG-IR-22-038"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiVoice version 7.0.0 or above \nPlease upgrade to FortiVoice version 6.4.8 or above \nPlease upgrade to FortiVoice version 6.0.12 or above \nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.12 or above \nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiNDR version 7.2.0 or above \nPlease upgrade to FortiNDR version 7.1.1 or above \nPlease upgrade to FortiNDR version 7.0.5 or above \nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiMail version 6.4.7 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-27488",
    "datePublished": "2023-12-13T06:39:42.998Z",
    "dateReserved": "2022-03-21T16:03:48.575Z",
    "dateUpdated": "2024-08-03T05:32:57.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36633 (GCVE-0-2023-36633)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:07 – Updated: 2024-08-30 18:10

Summary

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:C

CWE

CWE-285 - Information disclosure

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-203

Impacted products

	Vendor	Product	Version
	Fortinet	FortiMail	Affected: 7.2.0 , ≤ 7.2.2 (semver) Affected: 7.0.0 , ≤ 7.0.5 (semver) Affected: 6.4.0 , ≤ 6.4.8 (semver) Affected: 6.2.0 , ≤ 6.2.9 (semver) Affected: 6.0.0 , ≤ 6.0.12 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:53.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-203",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-203"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36633",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T18:10:02.842844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T18:10:16.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:07:46.082Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-203",
          "url": "https://fortiguard.com/psirt/FG-IR-23-203"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiMail version 7.4.0 or above \nPlease upgrade to FortiMail version 7.2.3 or above \nPlease upgrade to FortiMail version 7.0.6 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-36633",
    "datePublished": "2023-11-14T18:07:46.082Z",
    "dateReserved": "2023-06-25T18:03:39.225Z",
    "dateUpdated": "2024-08-30T18:10:16.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45582 (GCVE-0-2023-45582)

Vulnerability from cvelistv5 – Published: 2023-11-14 18:05 – Updated: 2024-08-30 18:14

Summary

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C

CWE

CWE-307 - Improper access control

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-287

Impacted products

	Vendor	Product	Version
	Fortinet	FortiMail	Affected: 7.4.0 Affected: 7.2.0 , ≤ 7.2.4 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.4.0 , ≤ 6.4.8 (semver) Affected: 6.2.0 , ≤ 6.2.9 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-287",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-287"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45582",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T18:14:14.373874Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T18:14:28.885Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to\u00a0 perform a brute force attack on the affected endpoints via repeated login attempts."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:05:34.247Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-287",
          "url": "https://fortiguard.com/psirt/FG-IR-23-287"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiMail version 7.4.1 or above \nPlease upgrade to FortiMail version 7.2.5 or above \nPlease upgrade to FortiMail version 7.0.7 or above \nPlease upgrade to FortiMail version 6.4.9 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-45582",
    "datePublished": "2023-11-14T18:05:34.247Z",
    "dateReserved": "2023-10-09T08:01:29.296Z",
    "dateUpdated": "2024-08-30T18:14:28.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36637 (GCVE-0-2023-36637)

Vulnerability from cvelistv5 – Published: 2023-10-10 16:50 – Updated: 2024-09-18 20:28

Summary

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.

Severity ?

3.4 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C

CWE

CWE-79 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-194

Impacted products

	Vendor	Product	Version
	Fortinet	FortiMail	Affected: 7.2.0 , ≤ 7.2.2 (semver) Affected: 7.0.1 , ≤ 7.0.5 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-194",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-194"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T20:28:17.212998Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T20:28:26.875Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail\u0027s calendar via input fields."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T16:50:16.269Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-194",
          "url": "https://fortiguard.com/psirt/FG-IR-23-194"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiMail version 7.4.0 or above Please upgrade to FortiMail version 7.2.3 or above Please upgrade to FortiMail version 7.0.6 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-36637",
    "datePublished": "2023-10-10T16:50:16.269Z",
    "dateReserved": "2023-06-25T18:03:39.226Z",
    "dateUpdated": "2024-09-18T20:28:26.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36556 (GCVE-0-2023-36556)

Vulnerability from cvelistv5 – Published: 2023-10-10 16:49 – Updated: 2025-12-16 18:23

Summary

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

CWE

CWE-863 - Escalation of privilege

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-202

Impacted products

	Vendor	Product	Version
	Fortinet	FortiMail	Affected: 7.2.0 , ≤ 7.2.2 (semver) Affected: 7.0.0 , ≤ 7.0.5 (semver) Affected: 6.4.0 , ≤ 6.4.7 (semver) Affected: 6.2.0 , ≤ 6.2.9 (semver) Affected: 6.0.0 , ≤ 6.0.12 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:53.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-202",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-202"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36556",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:57:32.689334Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T18:23:24.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.7",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T16:49:50.906Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-202",
          "url": "https://fortiguard.com/psirt/FG-IR-23-202"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiMail version 7.4.0 or above Please upgrade to FortiMail version 7.2.3 or above Please upgrade to FortiMail version 7.0.6 or above Please upgrade to FortiMail version 6.4.8 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-36556",
    "datePublished": "2023-10-10T16:49:50.906Z",
    "dateReserved": "2023-06-23T14:57:30.033Z",
    "dateUpdated": "2025-12-16T18:23:24.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-29056 (GCVE-0-2022-29056)

Vulnerability from cvelistv5 – Published: 2023-03-09 14:54 – Updated: 2024-10-22 20:48

Summary

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

Severity ?

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:X

CWE

CWE-307 - Denial of service

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-20-078

Impacted products

	Vendor	Product	Version
	Fortinet	FortiMail	Affected: 6.4.0 Affected: 6.2.1 , ≤ 6.2.4 (semver) Affected: 6.0.0 , ≤ 6.0.9 (semver) Affected: 5.4.0 , ≤ 5.4.12 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:58.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-20-078",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-20-078"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:21.685042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:48:02.279Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "6.4.0"
            },
            {
              "lessThanOrEqual": "6.2.4",
              "status": "affected",
              "version": "6.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.9",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.12",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows  a remote unauthenticated attacker to partially exhaust CPU and memory via sending\u00a0numerous HTTP requests to the login form."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-09T14:54:52.009Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-20-078",
          "url": "https://fortiguard.com/psirt/FG-IR-20-078"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAuthenticator\u00a0version 6.5.0\u00a0or above,\nPlease upgrade to FortiDeceptor\u00a0version 3.2.0\u00a0or above.\nPlease upgrade to FortiMail\u00a0version 6.4.1 or above,\r\nPlease upgrade to FortiMail version 6.2.5\u00a0or above,\r\nPlease upgrade to FortiMail version 6.0.10\u00a0or above."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-29056",
    "datePublished": "2023-03-09T14:54:52.009Z",
    "dateReserved": "2022-04-11T13:56:39.869Z",
    "dateUpdated": "2024-10-22T20:48:02.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2025-ALE-006

Vulnerability from certfr_alerte - Published: 2025-05-13 - Updated: 2025-06-24

Le 13 mai 2025, Fortinet a publié un avis de sécurité concernant la vulnérabilité CVE-2025-32756. Celle-ci permet à un attaquant non authentifié d'exécuter du code arbitraire à distance.

L'éditeur indique que cette vulnérabilité est activement exploitée. Les exploitations constatées jusqu'ici concernent les produits FortiVoice.

Fortinet fournit également des marqueurs de compromission à rechercher.

Solutions

Le CERT-FR recommande l'application des correctifs dans les plus brefs délais, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Si cela n'est pas possible, l'éditeur recommande de désactiver l'interface de gestion. Le CERT-FR rappelle que l'exposition d'une interface de gestion sur Internet est contraire aux bonnes pratiques.

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet	FortiNDR	FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.3
Fortinet	FortiRecorder	FortiRecorder versions 7.0.x antérieures à 7.0.6
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.4
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.7
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.6
Fortinet	FortiCamera	FortiCamera versions antérieures à 2.1.4
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.11
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.8
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.9

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-254	2025-05-13	vendor-advisory
Avis CERT-FR CERTFR-2025-AVI-0399 du 13 mai 2025	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2025-06-24",
  "content": "## Solutions\n\nLe CERT-FR recommande l\u0027application des correctifs dans les plus brefs d\u00e9lais, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\n\n Si cela n\u0027est pas possible, l\u0027\u00e9diteur recommande de d\u00e9sactiver l\u0027interface de gestion. Le CERT-FR rappelle que l\u0027exposition d\u0027une interface de gestion sur Internet est contraire aux bonnes pratiques.",
  "cves": [
    {
      "name": "CVE-2025-32756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
    }
  ],
  "initial_release_date": "2025-05-13T00:00:00",
  "last_revision_date": "2025-06-24T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0399 du 13 mai 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0399/"
    }
  ],
  "reference": "CERTFR-2025-ALE-006",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-13T00:00:00.000000"
    },
    {
      "description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2025-06-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le 13 mai 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la vuln\u00e9rabilit\u00e9 CVE-2025-32756.  Celle-ci permet \u00e0 un attaquant non authentifi\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e. Les exploitations constat\u00e9es jusqu\u0027ici concernent les produits FortiVoice.\n\nFortinet fournit \u00e9galement des marqueurs de compromission \u00e0 rechercher.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
    }
  ]
}

Search criteria

39 vulnerabilities found for FortiMail by Fortinet

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solution

Solution

Solution

Solution

Solution

Solution

CVE-2025-54972 (GCVE-0-2025-54972)

CVE-2024-47569 (GCVE-0-2024-47569)

CVE-2024-40588 (GCVE-0-2024-40588)

CVE-2025-32756 (GCVE-0-2025-32756)

CVE-2023-33302 (GCVE-0-2023-33302)

CVE-2021-26091 (GCVE-0-2021-26091)

CVE-2023-47539 (GCVE-0-2023-47539)

CVE-2024-46663 (GCVE-0-2024-46663)

CVE-2022-23439 (GCVE-0-2022-23439)

CVE-2024-56497 (GCVE-0-2024-56497)

CVE-2022-27488 (GCVE-0-2022-27488)

CVE-2023-36633 (GCVE-0-2023-36633)

CVE-2023-45582 (GCVE-0-2023-45582)

CVE-2023-36637 (GCVE-0-2023-36637)

CVE-2023-36556 (GCVE-0-2023-36556)

CVE-2022-29056 (GCVE-0-2022-29056)

Solutions