📦 FortiManager
by Fortinet
⚠️ Known Vulnerabilities
This authentication bypass vulnerability allows attackers with a FortiCloud account and registered device to log into other organizations' Fortinet devices when FortiCloud SSO authentication is enable...
This critical vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands on affected Fortinet devices via crafted requests to the administrative interface. It affects ...
This vulnerability allows attackers to bypass weak authentication mechanisms in multiple Fortinet products via brute-force attacks, potentially leading to unauthorized command execution. Affected syst...
This critical vulnerability in FortiManager allows unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. It affects multiple versions of FortiManager and Fort...
This command injection vulnerability in Fortinet FortiManager allows attackers to execute arbitrary commands with elevated privileges by sending specially crafted packets. Affected systems include For...
This OS command injection vulnerability in Fortinet FortiAnalyzer and FortiManager products allows authenticated privileged attackers to execute arbitrary commands via crafted HTTP/HTTPS requests. Att...
This vulnerability allows attackers to perform brute-force attacks against Fortinet management platforms due to weak authentication mechanisms. Successful exploitation could lead to unauthorized code ...
This CVE describes an incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer, FortiManager, and FortiAnalyzer Cloud products. Attackers can execute specific shell commands to escalate ...
This CVE describes an OS command injection vulnerability in Fortinet FortiManager and FortiManager Cloud products. Authenticated remote attackers can execute arbitrary commands via crafted FGFM reques...
This vulnerability in Fortinet FortiManager allows attackers with valid credentials to gain improper access to FortiGate devices through an operation on a resource after expiration or release. It affe...
This vulnerability allows unauthenticated attackers to access configuration data of managed devices by sending specially crafted packets to Fortinet FortiPortal and FortiManager systems. It affects or...
This path traversal vulnerability in Fortinet FortiManager and FortiAnalyzer allows attackers to execute arbitrary code or commands via specially crafted HTTP/HTTPS requests. Affected organizations in...
This vulnerability allows attackers to execute arbitrary code with elevated privileges on Fortinet FortiManager and FortiAnalyzer systems through specially crafted HTTP requests. It affects organizati...
A use-after-free vulnerability in FortiManager and FortiAnalyzer's fgfmsd daemon allows remote unauthenticated attackers to execute arbitrary code as root by sending specially crafted requests to the ...
This vulnerability allows attackers to execute arbitrary code or commands on Fortinet FortiManager devices through specially crafted HTTP requests due to improper access control. Affected organization...
This CVE describes an OS command injection vulnerability in Fortinet management interfaces that allows authenticated users with READ permissions to execute arbitrary shell commands. The vulnerability ...
This CVE describes an improper certificate validation vulnerability in FortiAnalyzer and FortiManager devices that allows remote unauthenticated attackers to perform man-in-the-middle attacks on commu...
This is a server-side request forgery (SSRF) vulnerability in the FortiManager and FortiAnalyzer GUI that allows authenticated attackers to make unauthorized requests from the vulnerable system. Attackers...
This vulnerability allows authenticated administrators on affected Fortinet devices to retrieve certificate private keys via the admin shell. This affects FortiAnalyzer, FortiManager, FortiOS, and For...
This path traversal vulnerability in Fortinet FortiManager and FortiManager Cloud allows authenticated remote attackers to overwrite arbitrary files via crafted FGFM requests. Attackers could potentia...
An unauthenticated remote attacker can inject malicious content into FortiAnalyzer and FortiManager logs via crafted login requests. This log pollution vulnerability affects all supported versions of ...
This CVE describes an OS command injection vulnerability in Fortinet FortiManager and FortiAnalyzer products. Attackers can execute arbitrary commands on affected systems by sending crafted CLI reques...
This vulnerability in FortiManager allows attackers with JSON API access permissions to decrypt sensitive data due to hard-coded cryptographic keys. It affects FortiManager versions 7.6.0-7.6.1, 7.4.0...
This path traversal vulnerability in Fortinet FortiManager and FortiAnalyzer allows authenticated admin users with diagnose privileges to delete arbitrary files on the system. It affects specific vers...
A relative path traversal vulnerability in Fortinet FortiManager allows privileged attackers to delete files from the underlying filesystem via crafted HTTP/HTTPS requests. This affects FortiManager v...
This vulnerability allows attackers to escalate privileges on Fortinet FortiManager and FortiAnalyzer systems by executing specific shell commands. Affected users are those running vulnerable versions...
This SQL injection vulnerability in Fortinet FortiAnalyzer and FortiManager allows attackers to execute arbitrary SQL commands through specially crafted HTTP requests, potentially leading to privilege...
This CVE describes OS command injection vulnerabilities in Fortinet FortiManager and FortiAnalyzer products. Authenticated privileged attackers can execute arbitrary commands via crafted CLI requests,...
This vulnerability allows privileged attackers to delete arbitrary files from the underlying filesystem via crafted CLI requests in affected Fortinet products. It affects FortiManager, FortiAnalyzer, ...
This vulnerability allows unauthenticated attackers to execute arbitrary code or commands on affected Fortinet devices by sending specially crafted packets. It affects multiple Fortinet products inclu...
This vulnerability allows authenticated administrators with read permissions in Fortinet FortiManager, FortiAnalyzer, and FortiAnalyzer-BigData to access event logs from administrative domains (ADOMs)...
This vulnerability allows remote attackers with low-privilege accounts to bypass authorization controls and read sensitive data via crafted HTTP requests. It affects FortiAnalyzer and FortiManager net...