Fortinet – Qualys ThreatPROTECT

Fortinet Addresses Code Execution Vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder & FortiCamera (CVE-2025-32756)

Posted by Diksha Ojha on May 14, 2025May 14, 2025

Fortinet released a security advisory to address a critical severity vulnerability impacting FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. Tracked as CVE-2025-32756, the vulnerability has a CVSS score of 9.6. A remote unauthenticated attacker may exploit the stack-based overflow vulnerability to execute arbitrary code or commands via crafted HTTP requests.

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Exploited in Attacks (CVE-2024-55591)

Posted by Diksha Ojha on January 15, 2025February 7, 2025

Fortinet released a security advisory to address a zero-day vulnerability tracked as CVE-2024-55591. The vulnerability has a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Fortinet mentioned in the advisory that the authentication … Continue reading “Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Exploited in Attacks (CVE-2024-55591)”

Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability (CVE-2023-34990)

Posted by Diksha Ojha on December 19, 2024December 22, 2024

Fortinet released a security advisory to address an unauthenticated file read vulnerability in FortiWLM. Tracked as CVE-2024-34990, the vulnerability has a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to read sensitive files. The vulnerability originates from a path traversal issue that may … Continue reading “Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability (CVE-2023-34990)”

Fortinet FortiClientLinux Remote Code Execution Vulnerability (CVE-2023-45590)

Posted by Diksha Ojha on April 11, 2024November 11, 2024

Fortinet FortiClientLinux is vulnerable to a critical severity flaw being tracked as CVE-2023-45590. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the affected systems. To exploit this improper code injection flaw, an attacker must trick a FortiClientLinux user into visiting a malicious website.

FortiClient Endpoint Management Server (EMS) SQL Injection Vulnerability (CVE-2023-48788)

Posted by Diksha Ojha on March 18, 2024March 25, 2024

Fortinet addressed a critical severity vulnerability impacting the FortiClient Enterprise Management Server. Tracked as CVE-2023-48788, the vulnerability may allow an attacker to achieve code execution on affected systems. The vulnerability has been given a CVSS score of 9.3.

FortiOS & FortiProxy Out-of-bounds Write Vulnerability in Captive Portal (CVE-2023-42789 & CVE-2023-42790)

Posted by Diksha Ojha on March 14, 2024March 18, 2024

Fortinet has released a patch to address two vulnerabilities impacting FortiOS and FortiProxy. Tracked as CVE-2023-42789 & CVE-2023-42790, the vulnerabilities are given a critical severity rating with a CVSS score of 9.3. Successful exploitation of the vulnerabilities may allow an attacker to execute unauthorized code.

FortiOS Out-of-Bound Write Vulnerability Under Active Exploitation (CVE-2024-21762)

Posted by Diksha Ojha on February 9, 2024February 13, 2024

Fortinet has addressed an out-of-bounds write vulnerability impacting FortiOS. Tracked as CVE-2024-21762, the vulnerability has a critical severity rating with a CVSS score 9.6. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. Fortinet quoted in the advisory that vulnerability is potentially exploited … Continue reading “FortiOS Out-of-Bound Write Vulnerability Under Active Exploitation (CVE-2024-21762)”

Fortinet Patches Critical Arbitrary Code Execution Vulnerability in FortiNAC (CVE-2023-33299)

Posted by Diksha Ojha on June 27, 2023June 27, 2023

Fortinet addressed an arbitrary code execution vulnerability in FortiNAC. CVE-2023-33299 has been rated as critical with a CVSS base score of 9.6. Florian Hauser from CODE WHITE has discovered and reported the vulnerability to Fortinet. Successful exploitation of the vulnerability may allow an unauthenticated attacker to execute unauthorized code on the target system. FortiNAC is … Continue reading “Fortinet Patches Critical Arbitrary Code Execution Vulnerability in FortiNAC (CVE-2023-33299)”

Fortinet FortiOS Critical Heap-Based Buffer Overflow Vulnerability (CVE-2023-27997)

Posted by Diksha Ojha on June 15, 2023June 18, 2023

Fortinet has addressed a heap-based buffer overflow vulnerability in its network operating system, FortiOS. CVE-2023-27997 has been given a critical severity with a CVSS score of 9.2. Charles Fol and Dany Bach from LEXFO have discovered and reported the vulnerability to Fortinet. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code … Continue reading “Fortinet FortiOS Critical Heap-Based Buffer Overflow Vulnerability (CVE-2023-27997)”

Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products

Posted by Diksha Ojha on April 13, 2023April 19, 2023

Fortinet has released a security advisory to address 21 vulnerabilities in multiple products, with severity ratings ranging from medium to high. Four of the 21 vulnerabilities are given high severity ratings (CVE-2022-40682, CVE-2022-42470, CVE-2022-43946, and CVE-2022-41330). The vulnerabilities affect Fortinet products such as FortiClient, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiADC, FortiWeb, FortiSandbox, FortiDeceptor, FortiGate, and FortiAuthenticator. … Continue reading “Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products”