Fortinet FortiPAM vulnerabilities

29 known vulnerabilities affecting fortinet/fortipam.

Total CVEs: 29
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 14, MEDIUM 11

Vulnerabilities

Page 2 of 2
CVE-2024-26010 | HIGH | CVSS 7.5 | ≥ 1.0.0, ≤ 1.3.0 | v1.2.0 | +1 more | 2024-06-11
CVE-2024-26010 [HIGH] CWE-121: A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18,
Sources: cvelistv5, nvd
CVE-2023-45583 | HIGH | CVSS 7.2 | ≥ 1.0.0, ≤ 1.0.3 | v1.1.0 | 2024-05-14
CVE-2023-45583 [MEDIUM] CWE-134: A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchM
Sources: cvelistv5, nvd
CVE-2023-36640 | MEDIUM | CVSS 6.7 | ≤ 1.0.3 | ≥ 1.0.0, ≤ 1.0.3 | 2024-05-14
CVE-2023-36640 [MEDIUM] CWE-134: A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.
Sources: cvelistv5, nvd
CVE-2023-42789 | CRITICAL | CVSS 9.8 | ≥ 1.1.0, ≤ 1.1.2 | ≥ 1.0.0, ≤ 1.0.3 | 2024-03-12
CVE-2023-42789 [CRITICAL] CWE-787: An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Sources: cvelistv5, nvd
CVE-2023-29181 | HIGH | CVSS 8.8 | ≥ 1.0.0, < 1.1.0 | ≥ 1.0.0, ≤ 1.0.3 | 2024-02-22
CVE-2023-29181 [HIGH] CWE-134: A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows atta
Sources: cvelistv5, nvd
CVE-2024-23113 | CRITICAL | CVSS 9.8 | KEV | ≥ 1.0.0, ≤ 1.0.3 | ≥ 1.1.0, ≤ 1.1.2 | +1 more | 2024-02-15
CVE-2024-23113 [CRITICAL] CWE-134: A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 throu
Sources: cvelistv5, nvd
CVE-2023-37934 | MEDIUM | CVSS 6.5 | ≥ 1.0.0, < 1.1.0 | ≥ 1.0.0, ≤ 1.0.3 | 2024-01-10
CVE-2023-37934 [MEDIUM] CWE-770: An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency.
Sources: cvelistv5, nvd
CVE-2023-36639 | HIGH | CVSS 8.8 | ≥ 1.0.0, ≤ 1.0.3 | v1.1.0 | 2023-12-13
CVE-2023-36639 [HIGH] CWE-134: A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via s
Sources: cvelistv5, nvd
CVE-2023-41678 | HIGH | CVSS 8.8 | v1.0.0 | v1.0.1 | +6 more | 2023-12-13
CVE-2023-41678 [HIGH] CWE-415: A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.
Sources: cvelistv5, nvd