Fortinet Fortipam

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Fortinet Fortipam.

By the Year

In 2025 there have been 12 vulnerabilities in Fortinet Fortipam with an average score of 6.7 out of ten. Last year, in 2024 Fortipam had 8 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 1.46

Year	Vulnerabilities	Average Score
2025	12	6.67
2024	8	8.14
2023	2	8.80

It may take a day or so for new Fortipam vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Fortipam Security Vulnerabilities

FortiOS 7.4.0-7.4.3 SSL request reset (CWE-703)
CVE-2024-26008 5 - Medium - October 14, 2025

An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

Improper Check for Unusual or Exceptional Conditions

Fortinet Forti* - Sensitive Data Disclosure via Crafted Packets (v<=7.6)
CVE-2024-47569 4.2 - Medium - October 14, 2025

A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, FortiOS 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, 6.0.0 through 6.0.18, FortiWeb 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.11, 7.0.0 through 7.0.11, 6.4.0 through 6.4.3, FortiRecorder 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiNDR 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.5, 7.1.0 through 7.1.1, 7.0.0 through 7.0.7, 1.5.0 through 1.5.3, FortiPAM 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiTester 7.4.0 through 7.4.2, 7.3.0 through 7.3.2, 7.2.0 through 7.2.3, 7.1.0 through 7.1.1, 7.0.0, 4.2.0 through 4.2.1, FortiProxy 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.21, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager 7.6.0 through 7.6.1, 7.4.1 through 7.4.3 allows attacker to disclose sensitive information via specially crafted packets.

Insertion of Sensitive Information Into Sent Data

Fortinet FortiSRA/OS/etc Heap BF < 7.6.2 / 1.5.0 Priv Esc via HTTP
CVE-2025-22258 5.7 - Medium - October 14, 2025

A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.2 through 7.0.16, FortiSwitchManager 7.2.1 through 7.2.5 allows attackers to escalate their privilege via specially crafted http requests.

Heap-based Buffer Overflow

FortiProxy <=7.6.1 & 7.4.8: Unauth MITM via Cert Host Mismatch
CVE-2025-25253 6.8 - Medium - October 14, 2025

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy

Improper Validation of Certificate with Host Mismatch

Fortinet FortiOS Heap Buffer Overflow CVE-2025-57740 (v<7.6.2/7.4.7/7.2.10)
CVE-2025-57740 6.7 - Medium - October 14, 2025

An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.

Heap-based Buffer Overflow

Weak auth in FortiPAM 1.01.5.0/ FortiSwitchManager 7.2.07.2.4 allows unauthorized code exec via craf
CVE-2025-49201 7.4 - High - October 14, 2025

A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands via specially crafted http requests

1390

Fortinet FortiOS RCE via Double Free (CVE-2023-45584)
CVE-2023-45584 7.2 - High - August 12, 2025

A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and before 1.0.3 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.

Double-free

Auth Bypass via FGFM Path in FortiOS 6.4 and FortiProxy 7.4/7.2 (CVE-2024-26009)
CVE-2024-26009 8.1 - High - August 12, 2025

An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number.

Authentication Bypass Using an Alternate Path or Channel

FortiOS <=7.6.2 Integer Overflow Vulnerability Allows DoS via SSL-VPN
CVE-2025-25248 6.5 - Medium - August 12, 2025

An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests.

Integer Overflow or Wraparound

Fortinet FortiPAM/FortiSRA Improper Access Control via HTTP (1.0-1.4.x)
CVE-2025-22256 8.8 - High - June 10, 2025

A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests

Improper Handling of Insufficient Permissions or Privileges

FortiOS Format-String CVE-2024-45324 (v7.4.0-7.4.4 & v7.2.0-7.2.9 +)
CVE-2024-45324 7 - High - March 11, 2025

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.

Use of Externally-Controlled Format String

Fortinet Forti* formatstring flaw (7.4.07.4.1/7.2.6) allows RCE
CVE-2023-40721 - February 11, 2025

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2.0 through 7.2.2 and before 7.0.2 allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.

Use of Externally-Controlled Format String

Fortinet FortiManager/FortiPAM/FortiProxy/FortiSwitchManager/FortiPortal/FortiOS: Missing Authentica
CVE-2024-26011 9.8 - Critical - November 12, 2024

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.

Missing Authentication for Critical Function

Insufficient Session Expiration in FortiOS 7.2.5 GUI
CVE-2022-45862 8.8 - High - August 13, 2024

An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.

Insufficient Session Expiration

Fortinet FortiPAM 1.01.2 Stack-Based Buffer Overflow (CVE-2024-26010)
CVE-2024-26010 7.5 - High - June 11, 2024

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets.

Memory Corruption

FortiProxy Format String Vulnerability (v7.2.0-7.2.4, v7.0.0-7.0.10)
CVE-2023-36640 6.7 - Medium - May 14, 2024

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands

Use of Externally-Controlled Format String

Fortinet FortiProxy Format String CVE-2023-45583 (v7.2.0-7.2.5, v7.0.0-7.0.11)
CVE-2023-45583 7.2 - High - May 14, 2024

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.

Use of Externally-Controlled Format String

External Format String in FortiOS 6.07.2 (Unauth Exec)
CVE-2023-29181 8.8 - High - February 22, 2024

A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command.

Use of Externally-Controlled Format String

FmtStr RCE in Fortinet FortiOS 7.0-7.4 Arbitrary Code Exec
CVE-2024-23113 9.8 - Critical - February 15, 2024

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

Use of Externally-Controlled Format String

Resource exhaustion DoS via crafted HTTP/HTTPS requests in FortiPAM 1.0 (all)
CVE-2023-37934 6.5 - Medium - January 10, 2024

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency.

Allocation of Resources Without Limits or Throttling

ExternallyControlled Format String in Fortinet FortiProxy/FortiOS 67.2
CVE-2023-36639 8.8 - High - December 13, 2023

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.

Use of Externally-Controlled Format String

Double Free in FortiOS 7.0.0-7.0.5 & FortiPAM 1.0.0-1.1.1 Enables RCE
CVE-2023-41678 8.8 - High - December 13, 2023

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.

Double-free

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fortinet Fortipam or by Fortinet? Click the Watch button to subscribe.

Fortinet
Vendor

Fortinet Fortipam
Product

Fortinet Fortipam

Don't miss out!

By the Year

Recent Fortinet Fortipam Security Vulnerabilities

FortiOS 7.4.0-7.4.3 SSL request reset (CWE-703) CVE-2024-26008 5 - Medium - October 14, 2025

Fortinet Forti* - Sensitive Data Disclosure via Crafted Packets (v<=7.6) CVE-2024-47569 4.2 - Medium - October 14, 2025

Fortinet FortiSRA/OS/etc Heap BF < 7.6.2 / 1.5.0 Priv Esc via HTTP CVE-2025-22258 5.7 - Medium - October 14, 2025

FortiProxy <=7.6.1 & 7.4.8: Unauth MITM via Cert Host Mismatch CVE-2025-25253 6.8 - Medium - October 14, 2025

Fortinet FortiOS Heap Buffer Overflow CVE-2025-57740 (v<7.6.2/7.4.7/7.2.10) CVE-2025-57740 6.7 - Medium - October 14, 2025

Weak auth in FortiPAM 1.01.5.0/ FortiSwitchManager 7.2.07.2.4 allows unauthorized code exec via craf CVE-2025-49201 7.4 - High - October 14, 2025

Fortinet FortiOS RCE via Double Free (CVE-2023-45584) CVE-2023-45584 7.2 - High - August 12, 2025

Auth Bypass via FGFM Path in FortiOS 6.4 and FortiProxy 7.4/7.2 (CVE-2024-26009) CVE-2024-26009 8.1 - High - August 12, 2025

FortiOS <=7.6.2 Integer Overflow Vulnerability Allows DoS via SSL-VPN CVE-2025-25248 6.5 - Medium - August 12, 2025

Fortinet FortiPAM/FortiSRA Improper Access Control via HTTP (1.0-1.4.x) CVE-2025-22256 8.8 - High - June 10, 2025

FortiOS Format-String CVE-2024-45324 (v7.4.0-7.4.4 & v7.2.0-7.2.9 +) CVE-2024-45324 7 - High - March 11, 2025

Fortinet Forti* formatstring flaw (7.4.07.4.1/7.2.6) allows RCE CVE-2023-40721 - February 11, 2025

Fortinet FortiManager/FortiPAM/FortiProxy/FortiSwitchManager/FortiPortal/FortiOS: Missing Authentica CVE-2024-26011 9.8 - Critical - November 12, 2024

Insufficient Session Expiration in FortiOS 7.2.5 GUI CVE-2022-45862 8.8 - High - August 13, 2024

Fortinet FortiPAM 1.01.2 Stack-Based Buffer Overflow (CVE-2024-26010) CVE-2024-26010 7.5 - High - June 11, 2024

FortiProxy Format String Vulnerability (v7.2.0-7.2.4, v7.0.0-7.0.10) CVE-2023-36640 6.7 - Medium - May 14, 2024

Fortinet FortiProxy Format String CVE-2023-45583 (v7.2.0-7.2.5, v7.0.0-7.0.11) CVE-2023-45583 7.2 - High - May 14, 2024

External Format String in FortiOS 6.07.2 (Unauth Exec) CVE-2023-29181 8.8 - High - February 22, 2024

FmtStr RCE in Fortinet FortiOS 7.0-7.4 Arbitrary Code Exec CVE-2024-23113 9.8 - Critical - February 15, 2024

Resource exhaustion DoS via crafted HTTP/HTTPS requests in FortiPAM 1.0 (all) CVE-2023-37934 6.5 - Medium - January 10, 2024

ExternallyControlled Format String in Fortinet FortiProxy/FortiOS 67.2 CVE-2023-36639 8.8 - High - December 13, 2023

Double Free in FortiOS 7.0.0-7.0.5 & FortiPAM 1.0.0-1.1.1 Enables RCE CVE-2023-41678 8.8 - High - December 13, 2023

Stay on top of Security Vulnerabilities

Fortinet Vendor

Fortinet FortipamProduct

FortiOS 7.4.0-7.4.3 SSL request reset (CWE-703)
CVE-2024-26008 5 - Medium - October 14, 2025

Fortinet Forti* - Sensitive Data Disclosure via Crafted Packets (v<=7.6)
CVE-2024-47569 4.2 - Medium - October 14, 2025

Fortinet FortiSRA/OS/etc Heap BF < 7.6.2 / 1.5.0 Priv Esc via HTTP
CVE-2025-22258 5.7 - Medium - October 14, 2025

FortiProxy <=7.6.1 & 7.4.8: Unauth MITM via Cert Host Mismatch
CVE-2025-25253 6.8 - Medium - October 14, 2025

Fortinet FortiOS Heap Buffer Overflow CVE-2025-57740 (v<7.6.2/7.4.7/7.2.10)
CVE-2025-57740 6.7 - Medium - October 14, 2025

Weak auth in FortiPAM 1.01.5.0/ FortiSwitchManager 7.2.07.2.4 allows unauthorized code exec via craf
CVE-2025-49201 7.4 - High - October 14, 2025

Fortinet FortiOS RCE via Double Free (CVE-2023-45584)
CVE-2023-45584 7.2 - High - August 12, 2025

Auth Bypass via FGFM Path in FortiOS 6.4 and FortiProxy 7.4/7.2 (CVE-2024-26009)
CVE-2024-26009 8.1 - High - August 12, 2025

FortiOS <=7.6.2 Integer Overflow Vulnerability Allows DoS via SSL-VPN
CVE-2025-25248 6.5 - Medium - August 12, 2025

Fortinet FortiPAM/FortiSRA Improper Access Control via HTTP (1.0-1.4.x)
CVE-2025-22256 8.8 - High - June 10, 2025

FortiOS Format-String CVE-2024-45324 (v7.4.0-7.4.4 & v7.2.0-7.2.9 +)
CVE-2024-45324 7 - High - March 11, 2025

Fortinet Forti* formatstring flaw (7.4.07.4.1/7.2.6) allows RCE
CVE-2023-40721 - February 11, 2025

Fortinet FortiManager/FortiPAM/FortiProxy/FortiSwitchManager/FortiPortal/FortiOS: Missing Authentica
CVE-2024-26011 9.8 - Critical - November 12, 2024

Insufficient Session Expiration in FortiOS 7.2.5 GUI
CVE-2022-45862 8.8 - High - August 13, 2024

Fortinet FortiPAM 1.01.2 Stack-Based Buffer Overflow (CVE-2024-26010)
CVE-2024-26010 7.5 - High - June 11, 2024

FortiProxy Format String Vulnerability (v7.2.0-7.2.4, v7.0.0-7.0.10)
CVE-2023-36640 6.7 - Medium - May 14, 2024

Fortinet FortiProxy Format String CVE-2023-45583 (v7.2.0-7.2.5, v7.0.0-7.0.11)
CVE-2023-45583 7.2 - High - May 14, 2024

External Format String in FortiOS 6.07.2 (Unauth Exec)
CVE-2023-29181 8.8 - High - February 22, 2024

FmtStr RCE in Fortinet FortiOS 7.0-7.4 Arbitrary Code Exec
CVE-2024-23113 9.8 - Critical - February 15, 2024

Resource exhaustion DoS via crafted HTTP/HTTPS requests in FortiPAM 1.0 (all)
CVE-2023-37934 6.5 - Medium - January 10, 2024

ExternallyControlled Format String in Fortinet FortiProxy/FortiOS 67.2
CVE-2023-36639 8.8 - High - December 13, 2023

Double Free in FortiOS 7.0.0-7.0.5 & FortiPAM 1.0.0-1.1.1 Enables RCE
CVE-2023-41678 8.8 - High - December 13, 2023

Fortinet
Vendor

Fortinet Fortipam
Product