Vulnerabilities in Fortinet

933 results

Vexday analysis

Com 933 CVEs catalogadas, o portfólio da Fortinet apresenta uma taxa de exploração ativa significativamente ACIMA da média do catálogo CISA KEV — 6,0 vezes superior —, com 25 vulnerabilidades confirmadas em uso por agentes de ameaça, o que exige atenção redobrada de equipes de resposta. O tipo de falha mais frequente é CWE-78 (OS Command Injection), uma classe de vulnerabilidade que tende a permitir execução remota de comandos e é historicamente atraente para exploração oportunista. O CVE mais perigoso em atividade, CVE-2018-13379, registra EPSS de 1,0 — probabilidade máxima de exploração —, e sua presença no KEV indica que o risco não é teórico. Com 36 CVEs com PoC pública, 59 de severidade crítica e 42 surgidas nos últimos 90 dias, organizações que dependem de produtos Fortinet devem priorizar ciclos de patching contínuos e monitorar ativamente indicadores de comprometimento relacionados a esse ecossistema.

CVE-2023-22635MEDIUMA download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 allEPSS 0.1%CVE-2024-35281LOWAn improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.EPSS 0.1%CVE-2025-57741HIGHAn Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11EPSS 0.1%CVE-2026-25815LOWFortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild fEPSS 0.1%CVE-2025-59669MEDIUMA use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0EPSS 0.1%CVE-2025-25253MEDIUMAn Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and beEPSS 0.1%CVE-2026-39810MEDIUMA use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosEPSS 0.1%CVE-2025-61713LOWA Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPEPSS 0.1%CVE-2026-44278LOWA use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions EPSS 0.1%CVE-2026-44279MEDIUMAn improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 allEPSS 0.1%CVE-2024-40593MEDIUMA key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 alEPSS 0.1%CVE-2025-55717LOWA cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.EPSS 0.1%CVE-2025-46774MEDIUMAn Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version EPSS 0.1%

← previouspage 47 / 47next →