Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32118

Summary
Assigner-fortinet
Assigner Org ID-6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At-12 Nov, 2024 | 18:53
Updated At-12 Nov, 2024 | 20:27
Rejected At-
Credits

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:fortinet
Assigner Org ID:6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At:12 Nov, 2024 | 18:53
Updated At:12 Nov, 2024 | 20:27
Rejected At:
â–¼CVE Numbering Authority (CNA)

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Affected Products
Vendor
Fortinet, Inc.Fortinet
Product
FortiAnalyzer
CPEs
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 7.4.0 through 7.4.2 (semver)
  • From 7.2.0 through 7.2.5 (semver)
  • From 7.0.0 through 7.0.13 (semver)
  • From 6.4.0 through 6.4.15 (semver)
  • From 6.2.0 through 6.2.13 (semver)
Vendor
Fortinet, Inc.Fortinet
Product
FortiManager
CPEs
  • cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 7.4.0 through 7.4.2 (semver)
  • From 7.2.0 through 7.2.5 (semver)
  • From 7.0.0 through 7.0.13 (semver)
  • From 6.4.0 through 6.4.15 (semver)
  • From 6.2.0 through 6.2.13 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-78Execute unauthorized code or commands
Type: CWE
CWE ID: CWE-78
Description: Execute unauthorized code or commands
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Please upgrade to FortiManager version 7.4.3 or above Please upgrade to FortiManager version 7.2.6 or above Please upgrade to FortiAnalyzer-BigData version 7.4.1 or above Please upgrade to FortiAnalyzer-BigData version 7.2.8 or above Please upgrade to FortiAnalyzer version 7.4.3 or above Please upgrade to FortiAnalyzer version 7.2.6 or above

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fortiguard.fortinet.com/psirt/FG-IR-24-116
N/A
Hyperlink: https://fortiguard.fortinet.com/psirt/FG-IR-24-116
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@fortinet.com
Published At:12 Nov, 2024 | 19:15
Updated At:17 Jan, 2025 | 20:42

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Fortinet, Inc.
fortinet
>>fortianalyzer>>Versions from 6.2.0(inclusive) to 7.2.6(exclusive)
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortianalyzer>>Versions from 7.4.0(inclusive) to 7.4.3(exclusive)
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortianalyzer_big_data>>Versions from 6.2.1(inclusive) to 7.2.8(exclusive)
cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortianalyzer_big_data>>7.4.0
cpe:2.3:a:fortinet:fortianalyzer_big_data:7.4.0:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortimanager>>Versions from 6.2.0(inclusive) to 7.2.6(exclusive)
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortimanager>>Versions from 7.4.0(inclusive) to 7.4.3(exclusive)
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarypsirt@fortinet.com
CWE ID: CWE-78
Type: Primary
Source: psirt@fortinet.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fortiguard.fortinet.com/psirt/FG-IR-24-116psirt@fortinet.com
Vendor Advisory
Hyperlink: https://fortiguard.fortinet.com/psirt/FG-IR-24-116
Source: psirt@fortinet.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

282Records found
CVE-2025-32766
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 7.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 18:59
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-46663
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.16%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 14:54
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-FortiMail
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-48418
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.11% / 28.86%
||
7 Day CHG+0.01%
Published-10 Mar, 2026 | 16:44
Updated-12 Mar, 2026 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimanagerfortimanager_cloudfortianalyzerfortianalyzer_cloudFortiAnalyzer CloudFortiAnalyzerFortiManager CloudFortiManager
CWE ID-CWE-912
Hidden Functionality
CVE-2023-29182
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 13.80%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 09:42
Updated-08 Oct, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOSfortios
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-64157
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.20%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 15:39
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

Action-Not Available
Vendor-Siemens AGFortinet, Inc.
Product-fortiosFortiOSRUGGEDCOM APE1808
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-29177
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.54%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:07
Updated-30 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiadcfortiddos-fFortiADCFortiDDoS-F
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-28002
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.01% / 0.40%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:05
Updated-11 Jun, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortiProxyFortiOSfortios
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2023-23783
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.57%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:05
Updated-23 Oct, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-26203
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG-0.07%
Published-03 May, 2023 | 21:27
Updated-23 Oct, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortinacfortinac-fFortiNAC
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-22639
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:41
Updated-23 Oct, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortiOSFortiProxy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-58325
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.13%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 15:22
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOS
CWE ID-CWE-684
Incorrect Provision of Specified Functionality
CVE-2022-26118
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 25.69%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 16:40
Updated-25 Oct, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortimanagerFortinet FortiManager , FortiAnalyzer
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41021
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.10%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 17:48
Updated-25 Oct, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortinacFortinet FortiNAC
CVE-2022-39947
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-5.22% / 90.04%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 16:58
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiadcFortiADC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-3611
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-6.37% / 91.11%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:14
Updated-06 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortimanagern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-39951
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.2||HIGH
EPSS-0.58% / 69.16%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 16:04
Updated-23 Oct, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-40679
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.1||HIGH
EPSS-0.28% / 51.35%
||
7 Day CHG+0.05%
Published-11 Apr, 2023 | 16:05
Updated-23 Oct, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiddosfortiadcfortiddos-fFortiADCFortiDDoSFortiDDoS-F
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-29017
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.8||HIGH
EPSS-5.55% / 90.37%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 16:03
Updated-25 Oct, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortideceptorFortinet FortiDeceptor
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-31104
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7||HIGH
EPSS-0.46% / 64.15%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 16:36
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiadcFortiADC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-35849
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.4||HIGH
EPSS-0.31% / 54.55%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 12:30
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiadcFortiADC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-35845
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.6||HIGH
EPSS-3.87% / 88.37%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 16:57
Updated-07 Nov, 2023 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33870
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.35%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-25 Oct, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortinet FortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33872
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.97% / 88.52%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-25 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortinet FortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33869
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8||HIGH
EPSS-1.29% / 79.86%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:07
Updated-23 Oct, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwanFortiWAN
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33874
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.97% / 88.52%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-25 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortinet FortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33873
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.8||MEDIUM
EPSS-21.65% / 95.81%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-25 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortinet FortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-30303
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-1.32% / 80.09%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:05
Updated-23 Oct, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-29061
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.2||HIGH
EPSS-2.95% / 86.62%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 06:55
Updated-25 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisoarFortinet FortiSOAR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-27489
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7||HIGH
EPSS-1.48% / 81.20%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:06
Updated-23 Oct, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiextender_firmwarefortiextenderFortiExtender
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-7341
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.2||HIGH
EPSS-2.53% / 85.62%
||
7 Day CHG~0.00%
Published-26 Oct, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiwlcn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-23109
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.7||CRITICAL
EPSS-6.96% / 91.54%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 13:26
Updated-14 Jan, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisiemFortiSIEMfortisiem
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-22301
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.86%
||
7 Day CHG~0.00%
Published-02 Mar, 2022 | 10:00
Updated-25 Oct, 2024 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiap-cFortinet FortiAP-C
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-39808
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.1||CRITICAL
EPSS-25.45% / 96.29%
||
7 Day CHG+1.10%
Published-14 Apr, 2026 | 15:38
Updated-22 Apr, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortiSandbox PaaSFortiSandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-23108
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.7||CRITICAL
EPSS-90.39% / 99.62%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 13:26
Updated-19 May, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisiemFortiSIEM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-21755
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-1.04% / 77.73%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 14:24
Updated-14 Jan, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortiSandboxfortisandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36182
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.8||HIGH
EPSS-0.75% / 73.32%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 10:20
Updated-25 Oct, 2024 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortinet FortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-21756
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-1.04% / 77.73%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 14:24
Updated-14 Jan, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortiSandboxfortisandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-4965
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.70% / 92.01%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiwann/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25836
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.55%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:44
Updated-12 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandbox_cloudFortiSandbox PaaSFortiSandbox Cloud
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-54024
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7||HIGH
EPSS-0.37% / 58.71%
||
7 Day CHG-0.50%
Published-08 Apr, 2025 | 14:02
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiisolatorFortiIsolator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-54018
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.25% / 84.78%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 14:54
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortiSandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-48891
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 6.71%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 15:22
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access (via another hypothetical vulnerability) to perform a local privilege escalation via crafted commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisoarFortiSOAR on-premise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-48782
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-3.86% / 88.35%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 06:37
Updated-25 Feb, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwlmFortiWLM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-64153
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 27.49%
||
7 Day CHG+0.01%
Published-09 Dec, 2025 | 17:18
Updated-14 Jan, 2026 | 09:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiextenderfortiextender_firmwareFortiExtender
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-64155
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.08% / 23.26%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:32
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisiemFortiSIEM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-41838
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.23% / 45.91%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 16:49
Updated-18 Sep, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortimanagerFortiManagerFortiAnalyzer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-36553
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.3||CRITICAL
EPSS-2.73% / 86.12%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:05
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisiemFortiSIEM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-36547
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.6||CRITICAL
EPSS-1.41% / 80.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 16:51
Updated-19 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwlmFortiWLMfortiwlm
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-36550
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.6||CRITICAL
EPSS-1.41% / 80.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 16:51
Updated-19 Sep, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwlmFortiWLMfortiwlm
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-36548
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.6||CRITICAL
EPSS-1.41% / 80.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 16:51
Updated-19 Sep, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwlmFortiWLM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found