Fortinet: >> Fortiswitchmanager >> 7.2.1 Security Vulnerabilities
CVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Known exploited
CVSS Score
9.8
EPSS Score
0.495
Published
2024-02-15
An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2
7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-09-07
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-13
Page 2