Vulnerabilidades em Fortinet

933 resultados
Análise Vexday

Com 933 CVEs catalogadas, o portfólio da Fortinet apresenta uma taxa de exploração ativa significativamente ACIMA da média do catálogo CISA KEV — 6,0 vezes superior —, com 25 vulnerabilidades confirmadas em uso por agentes de ameaça, o que exige atenção redobrada de equipes de resposta. O tipo de falha mais frequente é CWE-78 (OS Command Injection), uma classe de vulnerabilidade que tende a permitir execução remota de comandos e é historicamente atraente para exploração oportunista. O CVE mais perigoso em atividade, CVE-2018-13379, registra EPSS de 1,0 — probabilidade máxima de exploração —, e sua presença no KEV indica que o risco não é teórico. Com 36 CVEs com PoC pública, 59 de severidade crítica e 42 surgidas nos últimos 90 dias, organizações que dependem de produtos Fortinet devem priorizar ciclos de patching contínuos e monitorar ativamente indicadores de comprometimento relacionados a esse ecossistema.

CVE-2023-36640MEDIUMA use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions,EPSS 0.3%CVE-2024-40585MEDIUMAn insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, versioEPSS 0.3%CVE-2025-62631MEDIUMAn insufficient session expiration vulnerability [CWE-613] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 alEPSS 0.3%CVE-2022-22301HIGHAn improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 EPSS 0.3%CVE-2023-22642MEDIUMAn improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8EPSS 0.3%CVE-2025-61886MEDIUMAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet ForEPSS 0.3%CVE-2025-25252MEDIUMAn Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10EPSS 0.3%CVE-2025-64156MEDIUMAn improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7EPSS 0.3%CVE-2023-47542MEDIUMA improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 EPSS 0.3%CVE-2026-22574MEDIUMA storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2EPSS 0.3%CVE-2026-25088MEDIUMAn improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6EPSS 0.3%CVE-2021-42759MEDIUMA violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauEPSS 0.3%CVE-2025-54838MEDIUMAn Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a sharedEPSS 0.3%CVE-2026-22576MEDIUMA storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2EPSS 0.3%CVE-2024-45329LOWA authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 EPSS 0.3%CVE-2023-25611MEDIUMA improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 EPSS 0.3%CVE-2023-45588HIGHAn external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installEPSS 0.3%CVE-2022-26118MEDIUMA privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may alEPSS 0.3%CVE-2023-50180MEDIUMAn exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, vEPSS 0.3%CVE-2022-29053LOWA missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 throughEPSS 0.3%