Fortinet FortiNDR vulnerabilities
11 known vulnerabilities affecting fortinet/fortindr.
Total CVEs: 11
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 6
Vulnerabilities
CVE-2024-47569 | MEDIUM | CVSS 4.3 | ≥ 1.5.0, < 7.4.9; ≥ 7.6.0, ≤ 7.6.2; +5 more | 2025-10-14
CVE-2024-47569 [MEDIUM] CWE-201
An insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 al
cvelistv5, nvd
CVE-2024-40588 | MEDIUM | CVSS 4.4 | ≥ 7.0.0, < 7.4.7; ≥ 7.6.0, < 7.6.2; +5 more | 2025-08-12
CVE-2024-40588 [MEDIUM] CWE-23
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0
cvelistv5, nvd
CVE-2025-32756 | CRITICAL | CVSS 9.8 | KEV | ≥ 7.0.0, < 7.0.7; ≥ 7.2.0, < 7.2.5; +15 more | 2025-05-13
CVE-2025-32756 [CRITICAL] CWE-121
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiN
cvelistv5, nvd
CVE-2023-33302 | HIGH | CVSS 8.8 | ≥ 1.1.0, < 7.2.1; v7.2.0; +7 more | 2025-03-31
CVE-2023-33302 [MEDIUM] CWE-120
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly
cvelistv5, nvd
CVE-2021-24008 | MEDIUM | CVSS 5.3 | ≥ 1.5.0, ≤ 1.5.3; v1.4.0; +3 more | 2025-03-28
CVE-2021-24008 [MEDIUM] CWE-200
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version
cvelistv5, nvd
CVE-2024-47573 | MEDIUM | CVSS 6.5 | ≥ 7.0.0, < 7.2.2; ≥ 7.4.0, < 7.4.3; +4 more | 2025-03-14
CVE-2024-47573 [MEDIUM] CWE-354
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
cvelistv5, nvd
CVE-2023-48790 | HIGH | CVSS 8.8 | ≥ 1.5.0, < 7.0.6; ≥ 7.1.0, < 7.1.2; +5 more | 2025-03-11
CVE-2023-48790 [HIGH] CWE-352
A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.
cvelistv5, nvd
CVE-2022-23439 | MEDIUM | CVSS 6.1 | ≥ 1.4.0, < 7.1.1; v7.2.0; +7 more | 2025-01-22
CVE-2022-23439 [MEDIUM] CWE-610
An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver.
cvelistv5, nvd
CVE-2022-27488 | HIGH | CVSS 8.8 | ≥ 7.0.0, ≤ 7.0.4; v7.1.0; +5 more | 2023-12-13
CVE-2022-27488 [HIGH] CWE-352
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a re
cvelistv5, nvd
CVE-2021-36193 | HIGH | CVSS 7.2 | ≥ 1.5.0, ≤ 1.5.3; v1.4.0; +3 more | 2022-02-02
CVE-2021-36193 [MEDIUM] CWE-121
Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
cvelistv5, nvd
CVE-2021-42757 | MEDIUM | CVSS 6.7 | ≥ 1.1.0, ≤ 1.5.2; ≥ 1.5.0, ≤ 1.5.2; +4 more | 2021-12-08
CVE-2021-42757 [MEDIUM] CWE-120
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
cvelistv5, nvd