Fortinet: >> Fortios >> 6.4.16 Security Vulnerabilities
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.
CVSS Score
9.0
EPSS Score
0.001
Published
2025-01-14
A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.
CVSS Score
3.7
EPSS Score
0.001
Published
2025-01-14
An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-14
An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-01-14
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
CVSS Score
6.5
EPSS Score
0.006
Published
2025-01-14
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
CVSS Score
6.5
EPSS Score
0.006
Published
2025-01-14
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-01-14
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-11-12
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.
CVSS Score
3.7
EPSS Score
0.001
Published
2024-08-13
A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-06-11