Vulnerabilidades em Fortinet

933 resultados

Análise Vexday

Com 933 CVEs catalogadas, o portfólio da Fortinet apresenta uma taxa de exploração ativa significativamente ACIMA da média do catálogo CISA KEV — 6,0 vezes superior —, com 25 vulnerabilidades confirmadas em uso por agentes de ameaça, o que exige atenção redobrada de equipes de resposta. O tipo de falha mais frequente é CWE-78 (OS Command Injection), uma classe de vulnerabilidade que tende a permitir execução remota de comandos e é historicamente atraente para exploração oportunista. O CVE mais perigoso em atividade, CVE-2018-13379, registra EPSS de 1,0 — probabilidade máxima de exploração —, e sua presença no KEV indica que o risco não é teórico. Com 36 CVEs com PoC pública, 59 de severidade crítica e 42 surgidas nos últimos 90 dias, organizações que dependem de produtos Fortinet devem priorizar ciclos de patching contínuos e monitorar ativamente indicadores de comprometimento relacionados a esse ecossistema.

CVE-2023-41840HIGHA untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a maliciousEPSS 0.3%CVE-2022-26113HIGHAn execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 throuEPSS 0.3%CVE-2025-53608MEDIUMAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet ForEPSS 0.3%CVE-2022-45857MEDIUMAn incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attackEPSS 0.3%CVE-2024-27783HIGHMultiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remoEPSS 0.3%CVE-2026-27316LOWA insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbEPSS 0.3%CVE-2024-52960MEDIUMA client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and beEPSS 0.3%CVE-2025-22256MEDIUMA improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1EPSS 0.3%CVE-2025-22855LOWAn improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient beforEPSS 0.3%CVE-2020-9295MEDIUMFortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 runningEPSS 0.3%CVE-2023-37933HIGHAn improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0EPSS 0.3%CVE-2025-58413MEDIUMA stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, EPSS 0.3%CVE-2025-54822MEDIUMAn improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOEPSS 0.3%CVE-2023-22641MEDIUMA url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, EPSS 0.3%CVE-2022-35844MEDIUMAn improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0EPSS 0.3%CVE-2021-26106HIGHAn improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 througEPSS 0.3%CVE-2024-21759LOWAn authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker EPSS 0.3%CVE-2021-26091MEDIUMA use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption serviceEPSS 0.3%CVE-2025-54973MEDIUMA concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyEPSS 0.3%CVE-2022-22302MEDIUMA clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 andEPSS 0.3%

← anteriorpágina 36 / 47próxima →