Vulnerabilidades em Fortinet

933 resultados
Análise Vexday

Com 933 CVEs catalogadas, o portfólio da Fortinet apresenta uma taxa de exploração ativa significativamente ACIMA da média do catálogo CISA KEV — 6,0 vezes superior —, com 25 vulnerabilidades confirmadas em uso por agentes de ameaça, o que exige atenção redobrada de equipes de resposta. O tipo de falha mais frequente é CWE-78 (OS Command Injection), uma classe de vulnerabilidade que tende a permitir execução remota de comandos e é historicamente atraente para exploração oportunista. O CVE mais perigoso em atividade, CVE-2018-13379, registra EPSS de 1,0 — probabilidade máxima de exploração —, e sua presença no KEV indica que o risco não é teórico. Com 36 CVEs com PoC pública, 59 de severidade crítica e 42 surgidas nos últimos 90 dias, organizações que dependem de produtos Fortinet devem priorizar ciclos de patching contínuos e monitorar ativamente indicadores de comprometimento relacionados a esse ecossistema.

CVE-2025-67862MEDIUMAn Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6EPSS 0.1%CVE-2022-33878LOWAn exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 maEPSS 0.1%CVE-2022-45859LOWAn insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and beEPSS 0.1%CVE-2025-46775MEDIUMA debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through EPSS 0.1%CVE-2022-40678HIGHAn insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11,EPSS 0.1%CVE-2025-47761HIGHAn Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, EPSS 0.1%CVE-2024-54019MEDIUMA improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 EPSS 0.1%CVE-2024-50570MEDIUMA Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 tEPSS 0.1%CVE-2026-39814MEDIUMA relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.1EPSS 0.1%CVE-2025-46776MEDIUMA buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiEEPSS 0.1%CVE-2025-62439LOWAn Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4,EPSS 0.1%CVE-2025-54660MEDIUMAn active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWEPSS 0.1%CVE-2024-45328HIGHAn incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute EPSS 0.1%CVE-2025-46373HIGHA Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.EPSS 0.1%CVE-2021-22131MEDIUMA improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS versioEPSS 0.1%CVE-2025-54821LOWAn Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.11EPSS 0.1%CVE-2026-39809MEDIUMA improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 througEPSS 0.1%CVE-2024-40592MEDIUMAn improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, verEPSS 0.1%CVE-2025-32766MEDIUMA stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileEPSS 0.1%CVE-2022-41327HIGHA cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0EPSS 0.1%