Vulnerabilities
Vulnerable Software
A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-10-10
A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.
CVSS Score
6.5
EPSS Score
0.014
Published
2023-10-10


Contact Us

Shodan ® - All rights reserved