Summary
| Detail | |||
|---|---|---|---|
| Vendor | Fortinet | First view | 2013-06-25 |
| Product | Fortios | Last view | 2025-07-15 |
| Version | 4.2.4 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:fortinet:fortios | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.7 | 2025-07-15 | CVE-2025-24477 | A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2.4 through 7.2.11 allows an attacker to escalate its privileges via a specially crafted CLI command |
| 3.7 | 2025-05-28 | CVE-2025-47295 | A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control. |
| 5.3 | 2025-05-28 | CVE-2025-47294 | A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request. |
| 7.2 | 2025-05-28 | CVE-2025-22252 | A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass. |
| 4.4 | 2025-04-08 | CVE-2024-32122 | A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server. |
| 9.8 | 2025-02-11 | CVE-2025-24472 | AnĀ Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests. |
| 7.2 | 2025-02-11 | CVE-2024-40591 | An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targetted FortiGate to a malicious upstream FortiGate they control. |
| 0 | 2025-02-11 | CVE-2024-35279 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface. |
| 6.1 | 2025-01-22 | CVE-2022-23439 | A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver |
| 9.8 | 2025-01-16 | CVE-2024-50563 | A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. |
| 9.1 | 2025-01-16 | CVE-2024-48885 | A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets. |
| 9.8 | 2025-01-14 | CVE-2024-55591 | AnĀ Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests toĀ Node.js websocket module. |
| 9.8 | 2025-01-14 | CVE-2024-54021 | An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header. |
| 5.9 | 2025-01-14 | CVE-2024-52963 | A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets. |
| 9.8 | 2025-01-14 | CVE-2024-48886 | A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. |
| 9.1 | 2025-01-14 | CVE-2024-48884 | A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets. |
| 7.5 | 2025-01-14 | CVE-2024-46670 | AnĀ Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests. |
| 6.5 | 2025-01-14 | CVE-2024-46669 | AnĀ Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. |
| 7.5 | 2025-01-14 | CVE-2024-46668 | An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads. |
| 3.7 | 2025-01-14 | CVE-2024-46665 | An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests. |
| 4.3 | 2025-01-14 | CVE-2023-46715 | An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets. |
| 6.5 | 2025-01-14 | CVE-2023-42786 | A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. |
| 6.5 | 2025-01-14 | CVE-2023-42785 | A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. |
| 8.8 | 2024-12-19 | CVE-2020-12820 | Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. |
| 7.5 | 2024-12-19 | CVE-2020-12819 | A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 13% (20) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 12% (19) | CWE-787 | Out-of-bounds Write |
| 6% (10) | CWE-200 | Information Exposure |
| 4% (7) | CWE-134 | Uncontrolled Format String |
| 4% (7) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 4% (6) | CWE-295 | Certificate Issues |
| 3% (5) | CWE-476 | NULL Pointer Dereference |
| 3% (5) | CWE-20 | Improper Input Validation |
| 2% (4) | CWE-345 | Insufficient Verification of Data Authenticity |
| 2% (4) | CWE-306 | Missing Authentication for Critical Function |
| 2% (3) | CWE-798 | Use of Hard-coded Credentials |
| 2% (3) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 2% (3) | CWE-312 | Cleartext Storage of Sensitive Information |
| 2% (3) | CWE-287 | Improper Authentication |
| 2% (3) | CWE-269 | Improper Privilege Management |
| 2% (3) | CWE-190 | Integer Overflow or Wraparound |
| 1% (2) | CWE-613 | Insufficient Session Expiration |
| 1% (2) | CWE-436 | Interpretation Conflict |
| 1% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (2) | CWE-203 | Information Exposure Through Discrepancy |
| 1% (2) | CWE-125 | Out-of-bounds Read |
| 1% (2) | CWE-121 | Stack-based Buffer Overflow |
| 1% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 0% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 0% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
SAINT Exploits
| Description | Link |
|---|---|
| FortiOS Fortimanager_Access SSH account backdoor | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 26528 | Fortigate Firewalls - CSRF Vulnerability |
SnortĀ® IPS/IDS
| Date | Description |
|---|---|
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51470 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51469 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51468 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51467 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51466 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Fortigate SSL VPN cross site scripting attempt RuleID : 51465 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-01 | Fortinet Fortigate SSL VPN improper authorization attempt RuleID : 51387 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-01 | Fortigate SSL VPN javascript parsing heap buffer overflow attempt RuleID : 51376 - Type : SERVER-OTHER - Revision : 1 |
| 2019-10-01 | Fortigate SSL VPN javascript parsing heap buffer overflow attempt RuleID : 51375 - Type : SERVER-OTHER - Revision : 1 |
| 2019-10-01 | Fortinet FortiOS SSL VPN web portal directory traversal attempt RuleID : 51372 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-01 | Fortinet FortiOS SSL VPN web portal directory traversal attempt RuleID : 51371 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-01 | Fortinet FortiOS SSL VPN web portal directory traversal attempt RuleID : 51370 - Type : SERVER-WEBAPP - Revision : 1 |
| 2018-02-08 | Fortinet FortiOS redir parameter cross site scripting attempt RuleID : 45401 - Type : SERVER-WEBAPP - Revision : 2 |
| 2016-10-20 | Fortigate Firewall HTTP cookie buffer overflow RuleID : 40241 - Type : SERVER-OTHER - Revision : 2 |
NessusĀ® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-12-05 | Name: The remote host is affected by an information disclosure vulnerability. File: fortios_FG-IR-18-325.nasl - Type: ACT_GATHER_INFO |
| 2018-10-05 | Name: The remote host is affected by an information disclosure vulnerability. File: fortios_FG-IR-18-085.nasl - Type: ACT_GATHER_INFO |
| 2018-06-29 | Name: The remote host is affected by multiple vulnerabilities. File: fortios_FG-IR-18-027.nasl - Type: ACT_GATHER_INFO |
| 2018-06-08 | Name: The remote host is affected by multiple vulnerabilities. File: fortios_FG-IR-17-245.nasl - Type: ACT_GATHER_INFO |
| 2018-02-02 | Name: The remote host is affected by a cross-site scripting vulnerability. File: fortios_FG-IR-17-262.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The remote host is affected by a cross-site scripting vulnerability. File: fortios_FG-IR-17-242.nasl - Type: ACT_GATHER_INFO |
| 2017-08-02 | Name: The remote host is affected by multiple vulnerabilities. File: fortios_FG-IR-17-104.nasl - Type: ACT_GATHER_INFO |
| 2016-12-01 | Name: The remote host is affected by an information disclosure vulnerability. File: fortios_CVE-2016-8492.nasl - Type: ACT_GATHER_INFO |
| 2016-08-29 | Name: A web-based management console running on the remote host is affected by a re... File: fortios_cookie_parsing_bof.nasl - Type: ACT_DESTRUCTIVE_ATTACK |
| 2016-08-26 | Name: The remote host is affected by a remote code execution vulnerability. File: fortios_FG-IR-16-023.nasl - Type: ACT_GATHER_INFO |
| 2016-01-13 | Name: The SSH server running on the remote host can be logged into using default SS... File: fortios_ssh_backdoor.nasl - Type: ACT_ATTACK |
| 2015-09-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201508-01.nasl - Type: ACT_GATHER_INFO |
| 2015-09-04 | Name: The remote host is affected by a man-in-the-middle spoofing vulnerability. File: fortios_ssl_vpn_tls_mac_mitm.nasl - Type: ACT_GATHER_INFO |
| 2014-09-30 | Name: The remote host is affected by multiple vulnerabilities. File: fortios_FG-IR-14-006.nasl - Type: ACT_GATHER_INFO |
| 2014-04-15 | Name: The remote host is affected by a security bypass vulnerability. File: fortios_FGA-2013-20.nasl - Type: ACT_GATHER_INFO |
| 2014-04-15 | Name: The remote host is affected by multiple cross-site request forgery vulnerabil... File: fortios_FGA-2013-22.nasl - Type: ACT_GATHER_INFO |
