Vulnerabilidades em Fortinet

933 resultados
Análise Vexday

Com 933 CVEs catalogadas, o portfólio da Fortinet apresenta uma taxa de exploração ativa significativamente ACIMA da média do catálogo CISA KEV — 6,0 vezes superior —, com 25 vulnerabilidades confirmadas em uso por agentes de ameaça, o que exige atenção redobrada de equipes de resposta. O tipo de falha mais frequente é CWE-78 (OS Command Injection), uma classe de vulnerabilidade que tende a permitir execução remota de comandos e é historicamente atraente para exploração oportunista. O CVE mais perigoso em atividade, CVE-2018-13379, registra EPSS de 1,0 — probabilidade máxima de exploração —, e sua presença no KEV indica que o risco não é teórico. Com 36 CVEs com PoC pública, 59 de severidade crítica e 42 surgidas nos últimos 90 dias, organizações que dependem de produtos Fortinet devem priorizar ciclos de patching contínuos e monitorar ativamente indicadores de comprometimento relacionados a esse ecossistema.

CVE-2025-64471MEDIUMA use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1EPSS 0.3%CVE-2023-45586MEDIUMAn insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.EPSS 0.3%CVE-2023-47541MEDIUMAn improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2EPSS 0.3%CVE-2024-32119MEDIUMAn improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacEPSS 0.3%CVE-2021-43074MEDIUMAn improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versionsEPSS 0.3%CVE-2026-22627HIGHA buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 maEPSS 0.3%CVE-2025-59921MEDIUMAn exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and EPSS 0.3%CVE-2025-58692HIGHAn improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] vulnerability in Fortinet ForEPSS 0.3%CVE-2026-23708MEDIUMA improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-preEPSS 0.3%CVE-2025-53847MEDIUMA missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7EPSS 0.3%CVE-2024-36507MEDIUMA untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows anEPSS 0.3%CVE-2025-46215MEDIUMAn Improper Isolation or Compartmentalization vulnerability [CWE-653] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 throuEPSS 0.3%CVE-2025-58325HIGHAn Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0EPSS 0.3%CVE-2024-23110HIGHA stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.EPSS 0.3%CVE-2023-46720MEDIUMA stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 thrEPSS 0.3%CVE-2024-35280MEDIUMA improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDEPSS 0.3%CVE-2024-33504LOWA use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7EPSS 0.3%CVE-2023-48786MEDIUMA server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an aEPSS 0.3%CVE-2022-39948MEDIUMAn improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all veEPSS 0.3%CVE-2024-27780LOWMultiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 allEPSS 0.3%