📦 FortiAnalyzer
by Fortinet
⚠️ Known Vulnerabilities
This authentication bypass vulnerability allows attackers with a FortiCloud account and registered device to log into other organizations' Fortinet devices when FortiCloud SSO authentication is enable...
This critical vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands on affected Fortinet devices via crafted requests to the administrative interface. It affects ...
This vulnerability allows attackers to bypass weak authentication mechanisms in multiple Fortinet products via brute-force attacks, potentially leading to unauthorized command execution. Affected syst...
This OS command injection vulnerability in Fortinet FortiAnalyzer and FortiManager products allows authenticated privileged attackers to execute arbitrary commands via crafted HTTP/HTTPS requests. Att...
This vulnerability allows attackers to perform brute-force attacks against Fortinet management platforms due to weak authentication mechanisms. Successful exploitation could lead to unauthorized code ...
This CVE describes an incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer, FortiManager, and FortiAnalyzer Cloud products. Attackers can execute specific shell commands to escalate ...
This path traversal vulnerability in Fortinet FortiManager and FortiAnalyzer allows attackers to execute arbitrary code or commands via specially crafted HTTP/HTTPS requests. Affected organizations in...
This vulnerability allows attackers to execute arbitrary code with elevated privileges on Fortinet FortiManager and FortiAnalyzer systems through specially crafted HTTP requests. It affects organizati...
A use-after-free vulnerability in FortiManager and FortiAnalyzer's fgfmsd daemon allows remote unauthenticated attackers to execute arbitrary code as root by sending specially crafted requests to the ...
CVE-2024-45330 is a format string vulnerability in Fortinet FortiAnalyzer that allows attackers to escalate privileges via specially crafted requests. This affects FortiAnalyzer versions 7.4.0 through...
This CVE describes an OS command injection vulnerability in Fortinet management interfaces that allows authenticated users with READ permissions to execute arbitrary shell commands. The vulnerability ...
This CVE describes an improper certificate validation vulnerability in FortiAnalyzer and FortiManager devices that allows remote unauthenticated attackers to perform man-in-the-middle attacks on commu...
This is a server-side request forgery (SSRF) vulnerability in the FortiManager and FortiAnalyzer GUI that allows authenticated attackers to make unauthorized requests from the vulnerable system. Attackers...
This vulnerability allows authenticated administrators on affected Fortinet devices to retrieve certificate private keys via the admin shell. This affects FortiAnalyzer, FortiManager, FortiOS, and For...
A race condition vulnerability in Fortinet FortiAnalyzer allows attackers to bypass FortiCloud SSO authorization by sending specially crafted requests during concurrent execution. This affects FortiAn...
An unauthenticated remote attacker can inject malicious content into FortiAnalyzer and FortiManager logs via crafted login requests. This log pollution vulnerability affects all supported versions of ...
This CVE describes an OS command injection vulnerability in Fortinet FortiManager and FortiAnalyzer products. Attackers can execute arbitrary commands on affected systems by sending crafted CLI reques...
This path traversal vulnerability in Fortinet FortiManager and FortiAnalyzer allows authenticated admin users with diagnose privileges to delete arbitrary files on the system. It affects specific vers...
This vulnerability allows attackers to escalate privileges on Fortinet FortiManager and FortiAnalyzer systems by executing specific shell commands. Affected users are those running vulnerable versions...
This SQL injection vulnerability in Fortinet FortiAnalyzer and FortiManager allows attackers to execute arbitrary SQL commands through specially crafted HTTP requests, potentially leading to privilege...
This CVE describes OS command injection vulnerabilities in Fortinet FortiManager and FortiAnalyzer products. Authenticated privileged attackers can execute arbitrary commands via crafted CLI requests,...
This vulnerability allows privileged attackers to delete arbitrary files from the underlying filesystem via crafted CLI requests in affected Fortinet products. It affects FortiManager, FortiAnalyzer, ...
This vulnerability allows authenticated administrators with read permissions in Fortinet FortiManager, FortiAnalyzer, and FortiAnalyzer-BigData to access event logs from administrative domains (adoms)...
This vulnerability allows remote attackers with low-privilege accounts to bypass authorization controls and read sensitive data via crafted HTTP requests. It affects FortiAnalyzer and FortiManager net...