Created on 2024-11-13 15:13 and updated on 2024-11-13 15:13.
FG-IR-24-115: Arbitrary file read in administrative interface (CVE-2024-32117)
  An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22]...
  Affected:
    FortiAnalyzer 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
    FortiAnalyzer-BigData 7.4.0, 7.2.7, 7.2.6, 7.2.5, 7.2.4 ...
    FortiManager 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
  Published: Nov 12, 2024
  Component: GUI
  Severity: Medium

FG-IR-24-032: FortiOS - Improper authentication in fgfmd (CVE-2024-26011)
  An improper authentication vulnerability [CWE-287] in FortiManager, FortiOS, FortiPAM, FortiPortal,...
  Affected:
    FortiManager 7.4.2, 7.4.1, 7.4.0, 7.2.4, 7.2.3 ...
    FortiOS 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.7 ...
    FortiPAM 1.2.0, 1.1.2, 1.1.1, 1.1.0, 1.0.3 ...
    FortiPortal 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10 ...
    FortiProxy 7.4.2, 7.4.1, 7.4.0, 7.2.9, 7.2.8 ...
    FortiSwitchManager 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.3 ...
  Published: Nov 12, 2024
  Severity: Medium

FG-IR-23-475: FortiOS - SSLVPN session hijacking using SAML authentication (CVE-2023-50176)
  A session fixation vulnerability [CWE-384] in FortiOS may allow an unauthenticated attacker to hijack user...
  Affected:
    FortiOS 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.7 ...
  Published: Nov 12, 2024
  Component: SSL-VPN
  Severity: High

FG-IR-24-125: Heap buffer overflow in httpd (CVE-2024-33505)
  A heap-based buffer overflow vulnerability [CWE-122] in FortiManager and FortiAnalyzer httpd daemon may...
  Affected:
    FortiAnalyzer 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
    FortiAnalyzer Cloud 7.4.2, 7.4.1, 7.2.6, 7.2.5, 7.2.4 ...
    FortiManager 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
    FortiManager Cloud 7.4.2, 7.4.1, 7.2.6, 7.2.5, 7.2.4 ...
  Published: Nov 12, 2024
  Component: GUI
  Severity: Medium

FG-IR-23-267: Lack of capacity to filter logs by administrator access (CVE-2023-44255)
  An exposure of personal information to an unauthorized actor [CWE-359] in FortiManager, FortiAnalyzer &...
  Affected:
    FortiAnalyzer 7.4.2, 7.4.1, 7.4.0, 7.2.8, 7.2.7 ...
    FortiAnalyzer-BigData 7.4.0, 7.2.8, 7.2.7, 7.2.6, 7.2.5 ...
    FortiManager 7.4.2, 7.4.1, 7.4.0, 7.2.8, 7.2.7 ...
  Published: Nov 12, 2024
  Component: GUI
  Severity: Low

FG-IR-24-116: OS command injection in CLI command (CVE-2024-32118)
  An improper neutralization of special elements used in an OS command ('OS Command Injection')...
  Affected:
    FortiAnalyzer 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
    FortiAnalyzer-BigData 7.4.0, 7.2.7, 7.2.6, 7.2.5, 7.2.4 ...
    FortiManager 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
  Published: Nov 12, 2024
  Component: CLI
  Severity: Medium

FG-IR-24-099: Path traversal vulnerability in CLI commands (CVE-2024-32116)
  Multiple relative path traversal vulnerabilities [CWE-23] in FortiManager, FortiAnalyzer &...
  Affected:
    FortiAnalyzer 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
    FortiAnalyzer-BigData 7.4.0, 7.2.7, 7.2.6, 7.2.5, 7.2.4 ...
    FortiManager 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
  Published: Nov 12, 2024
  Component: CLI
  Severity: Medium

FG-IR-24-179: Path traversal vulnerability leading to file creation (CVE-2024-35274)
  An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22]...
  Affected:
    FortiAnalyzer 7.4.2, 7.4.1, 7.4.0, 7.2.8, 7.2.7 ...
    FortiAnalyzer-BigData 7.4.0, 7.2.8, 7.2.7, 7.2.6, 7.2.5 ...
    FortiManager 7.4.2, 7.4.1, 7.4.0, 7.2.8, 7.2.7 ...
  Published: Nov 12, 2024
  Component: CLI
  Severity: Low

FG-IR-23-396: Readonly users could run some sensitive operations (CVE-2024-23666)
  A client-side enforcement of server-side security vulnerability [CWE-602] in FortiAnalyzer may allow an...
  Affected:
    FortiAnalyzer 7.4.1, 7.4.0, 7.2.4, 7.2.3, 7.2.2 ...
    FortiAnalyzer-BigData 7.4.0, 7.2.6, 7.2.5, 7.2.4, 7.2.3 ...
    FortiManager 7.4.1, 7.4.0, 7.2.4, 7.2.3, 7.2.2 ...
  Published: Nov 12, 2024
  Severity: High

FG-IR-24-033: SSLVPN WEB UI Text injection (CVE-2024-33510)
  An improper neutralization of special elements in output used by a downstream component ('Injection')...
  Affected:
    FortiOS 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.8 ...
    FortiProxy 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.9 ...
  Published: Nov 12, 2024
  Component: GUI
  Severity: Low

FG-IR-24-098: Stack buffer overflow in CLI command (CVE-2024-31496)
  A stack-based buffer overflow vulnerability [CWE-121] in FortiManager, FortiAnalyzer and...
  Affected:
    FortiAnalyzer 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
    FortiAnalyzer-BigData 7.4.0, 7.2.7, 7.2.6, 7.2.5, 7.2.4 ...
    FortiManager 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ...
  Published: Nov 12, 2024