Severity
High
Analysis Summary
CVE-2023-34990 CVSS:9.8
A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests.
CVE-2024-36513 CVSS:8.2
FortiClient Windows could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request via the lua auto patch function, an authenticated attacker could exploit this vulnerability to escalate privileges.
CVE-2023-50176 CVSS:7.1
Fortinet FortiOS could allow a remote attacker to hijack a user's session. By persuading a victim to click on a specially crafted Web site, an attacker could exploit this vulnerability to gain access to another user's session.
CVE-2024-47574 CVSS:7.8
Fortinet FortiClientWindows could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request PSM, an attacker could exploit this vulnerability to bypass access restrictions and read arbitrary files on the system.
CVE-2024-23666 CVSS:7.1
Fortinet FortiAnalyzer-BigData could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and read arbitrary files on the system.
CVE-2024-47575 CVSS:9.8
Fortinet FortiManager could allow a remote attacker to execute arbitrary code on the system, caused by a missing authentication for critical function vulnerability in the fgfmd daemon. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or commands on the system.
Impact
- Privilege Escalation
- Gain Access
- Security Bypass
- Code Execution
Indicators of Compromise
CVE
- CVE-2023-34990
- CVE-2024-36513
- CVE-2023-50176
- CVE-2024-47574
- CVE-2024-23666
- CVE-2024-47575
Affected Vendors
Affected Products
- Fortinet FortiManager 7.0.0
- Fortinet FortiManager 7.2.0
- Fortinet FortiManager 7.4.0
- Fortinet FortiOS 7.0.13
- Fortinet FortiOS 7.2.7
- Fortinet FortiOS 7.4.3
- Fortinet FortiManager 7.6.0
- Fortinet FortiWLM - 8.6.0 - 8.5.0
- Fortinet FortiClientWindows 7.2.4
- Fortinet FortiClientWindows 7.0.12
- Fortinet FortiOS - 7.4.0 - 7.2.0 - 7.0.0
- Fortinet FortiAnalyzer-BigData 7.4.1
- Fortinet FortiAnalyzer-BigData 7.2.4
- Fortinet FortiAnalyzer-BigData 6.4.14
- Fortinet FortiClientWindows - 7.4.0 - 7.2.0 - 7.0.0 - 6.4.0
Remediation
Refer to the Fortinet Security Advisory for patch, upgrade, or suggested workaround information.

