Fortinet FortiWeb


Known Exploited Fortinet FortiWeb Vulnerabilities

The following Fortinet FortiWeb vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Fortinet FortiWeb OS Command Injection Vulnerability
CVE-2025-58034 (EPSS exploit probability: 53.9%), added November 18, 2025
Fortinet FortiWeb contains an OS command injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Fortinet FortiWeb Path Traversal Vulnerability
CVE-2025-64446 (EPSS exploit probability: 89.8%), added November 14, 2025
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Fortinet FortiWeb SQL Injection Vulnerability
CVE-2025-25257 (EPSS exploit probability: 64.9%), added July 18, 2025
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

The vulnerability CVE-2025-64446 (Fortinet FortiWeb Path Traversal Vulnerability) is in the top 1% of currently known exploitable vulnerabilities. Two known exploited Fortinet FortiWeb vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 0 vulnerabilities in Fortinet FortiWeb. Last year, in 2025, FortiWeb had 30 security vulnerabilities published. Right now, FortiWeb is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year  Vulnerabilities  Average Score
2026  0                0.00
2025  30               7.12
2024  8                7.34
2023  27               7.15
2022  5                7.70
2021  29               7.50
2020  3                6.00
2019  1                6.10

It may take a day or so for new FortiWeb vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortinet FortiWeb Security Vulnerabilities

Improper SAML Signature Verification in FortiWeb 8.0/7.6.x/7.4.x (SSO Bypass)
CVE-2025-59719 9.1 - Critical - December 09, 2025

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Improper Verification of Cryptographic Signature

FortiWeb 7.0-8.0.x: Auth via Password Hash Replay
CVE-2025-64471 4.4 - Medium - December 09, 2025

A use of password hash instead of password for authentication vulnerability [CWE-836] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.

Use of Password Hash Instead of Password for Authentication

FortiWeb Cookie Integrity Flaw 8.0.0-8.0.1 / 7.6.0-7.6.5 (CVE-2025-64447)
CVE-2025-64447 7.1 - High - December 09, 2025

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS requests carrying forged cookies, requiring prior knowledge of the FortiWeb serial number.

Reliance on Cookies without Validation and Integrity Checking

FortiWeb 7.x Hard-Coded Creds Enables Attacker to Access Redis
CVE-2025-59669 4.8 - Medium - November 18, 2025

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to the Redis service and access its data.

Use of Hard-coded Credentials

FortiWeb OS Command Injection in 7.x-8.0.1 via Crafted HTTP/CLI (CWE-78)
CVE-2025-58034 6.7 - Medium - November 18, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Shell injection

Path Traversal in FortiWeb 7.0-8.0.1 allows admin exec
CVE-2025-64446 9.4 - Critical - November 14, 2025

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Relative Path Traversal

Fortinet Forti* - Sensitive Data Disclosure via Crafted Packets (v<=7.6)
CVE-2024-47569 4.2 - Medium - October 14, 2025

An insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows an attacker to disclose sensitive information via specially crafted packets.

Insertion of Sensitive Information Into Sent Data

Relative Path Traversal [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11
CVE-2025-53609 4.7 - Medium - September 09, 2025

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.

Relative Path Traversal

FortiWeb OS Command Injection RCE via CLI, v7.6.0-7.6.3/7.4.0-7.4.7/7.2.0-7.2.10
CVE-2025-27759 - August 12, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands.

Shell injection

FortiWeb CLI Buffer Overflow (RCE) 7.6.0-7.6.3 & <7.4.8
CVE-2025-32766 6.7 - Medium - August 12, 2025

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands.

Stack Overflow

FortiWeb 7.6.0-7.6.3 CLI OSCI RCE Vulnerability
CVE-2025-47857 - August 12, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands.

Shell injection

FortiWeb <=7.6.3 Privilege Escalation via Improper Parameter Handling
CVE-2025-52970 - August 12, 2025

An improper handling of parameters vulnerability in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

Improper Handling of Parameters

SQLi in Fortinet FortiWeb 7.0.10-7.6.3
CVE-2025-25257 9.6 - Critical - July 17, 2025

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

SQL Injection

Improper Privilege Escalation in Fortinet FortiOS 7.6.x via Node.js WebSocket
CVE-2025-22254 6.5 - Medium - June 10, 2025

An improper privilege management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7, and FortiWeb version 7.6.0 through 7.6.1 and before 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to the Node.js websocket module.

Improper Privilege Management

FortiWeb Widgets Dashboard ACL Bypass via Read-Only Admin (v7.6.2 or earlier)
CVE-2024-46671 7.2 - High - April 08, 2025

An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests.

Incorrect User Management

Path Traversal in FortiWeb 7.6.2 and earlier via endpoint (auth admin)
CVE-2025-25254 - April 08, 2025

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests.

Directory traversal

FortiOS/Proxy/Manager CVE-2024-26013: Improper Channel Restriction (CWE-923)
CVE-2024-26013 - April 08, 2025

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and, in certain conditions, FortiManager) by intercepting the FGFM authentication request between the management device and the managed device.

Improper Restriction of Communication Channel to Intended Endpoints

Fortinet FortiOS <=7.4.3 Vulnerable to MITM Impersonation (CVE-2024-50565)
CVE-2024-50565 7.5 - High - April 08, 2025

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and, in certain conditions, FortiManager) by intercepting the FGFM authentication request between the management device and the managed device.

Man-in-the-Middle / MITM

FortiOS/FortiProxy 7.x Admin Interface Buffer Underwrite (CVE-2023-25610)
CVE-2023-25610 - March 24, 2025

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

buffer underrun

RCE via Malformed HTTP in FortiWeb 7.0-7.4 (CVE-2024-55594)
CVE-2024-55594 9.8 - Critical - March 14, 2025

An improper handling of syntactically invalid structure vulnerability in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via crafted HTTP/S requests.

Improper Handling of Syntactically Invalid Structure

FortiWeb SQLi via log DB prior to 7.0.1, 6.4.2, 6.3.20 & 6.2.7
CVE-2022-29059 7.2 - High - March 14, 2025

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted string parameters.

SQL Injection

FortiOS Format-String CVE-2024-45324 (v7.4.0-7.4.4 & v7.2.0-7.2.9 +)
CVE-2024-45324 7 - High - March 11, 2025

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.

Use of Externally-Controlled Format String

FortiWeb 7.x cmdExec via Invalid Syntax in HTTP
CVE-2023-42784 9.8 - Critical - March 11, 2025

An improper handling of syntactically invalid structure vulnerability in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via crafted HTTP/S requests.

Improper Handling of Syntactically Invalid Structure

Path traversal in Fortinet FortiWeb 7.0-7.6.0 allowing remote code execution
CVE-2024-55597 7.2 - High - March 11, 2025

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted requests.

Directory traversal

FortiWeb 7.4.0-7.6.0 OS Command Injection
CVE-2024-50567 - February 11, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Fortinet FortiWeb 7.4.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input.

Shell injection

FortiWeb 7.0.0-7.6.0 OS Command Injection (CVE-2024-50569)
CVE-2024-50569 7.2 - High - February 11, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Fortinet FortiWeb 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input.

Shell injection

Fortinet FortiRecorder Path Traversal (v7.2.0-7.2.1, v7.0.0-7.0.4)
CVE-2024-48885 9.1 - Critical - January 16, 2025

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows an attacker to escalate privilege via specially crafted packets.

Directory traversal

Path Traversal Remote Authenticated Write in FortiManager 7.6.0-7.6.1, 7.4.1-7.4.3 (Fortinet)
CVE-2024-48884 9.1 - Critical - January 14, 2025

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files, or a remote unauthenticated attacker to delete an arbitrary folder.

Directory traversal

FortiWeb 7.2/7.4 Stack Buffer Overflow via CLI (CWE-120)
CVE-2024-21758 6.7 - Medium - January 14, 2025

A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections.

Stack Overflow

FortiWeb SQLi 6.3.17-7.6.1: Improper Neutralization of Special Elements (SQL Injection)
CVE-2024-55593 2.7 - Low - January 14, 2025

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows an attacker to obtain information disclosure via crafted SQL queries.

SQL Injection

FortiWeb: Exposure of Sensitive Information in Log Access Event
CVE-2024-36509 4.4 - Medium - November 12, 2024

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

FortiWeb 7.2.0-7.2.1/7.0/6.4/6.3 Cert Flaw: Remote MITM Decrypt (CWE-295)
CVE-2024-33509 4.8 - Medium - July 09, 2024

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).

Improper Certificate Validation

FortiWebManager 6.0-7.2 Improper Auth Allows Remote Exec via HTTP/CLI
CVE-2024-23669 8.8 - High - June 05, 2024

An improper authorization vulnerability in Fortinet FortiWebManager version 7.2.0, 7.0.0 through 7.0.4, 6.3.0, 6.2.3 through 6.2.4 and 6.0.2 allows an attacker to execute unauthorized code or commands via HTTP requests or CLI.

AuthZ

FortiWeb 7.4.2 Improper Auth for ADOM Ops (CVE-2024-23665)
CVE-2024-23665 8.8 - High - June 03, 2024

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.

AuthZ

FortiWeb 7.2.0/7.0.0-7.0.4/6.3.0/6.2.3-6.2.4/6.0.2 Improper Auth RCE
CVE-2024-23667 8.8 - High - June 03, 2024

An improper authorization vulnerability in Fortinet FortiWebManager version 7.2.0, 7.0.0 through 7.0.4, 6.3.0, 6.2.3 through 6.2.4 and 6.0.2 allows an attacker to execute unauthorized code or commands via HTTP requests or CLI.

FortiWebManager 6.0.2-7.2.0 Improper Authorization Allows Code Exec
CVE-2024-23668 8.8 - High - June 03, 2024

An improper authorization vulnerability in Fortinet FortiWebManager version 7.2.0, 7.0.0 through 7.0.4, 6.3.0, 6.2.3 through 6.2.4 and 6.0.2 allows an attacker to execute unauthorized code or commands via HTTP requests or CLI.

Improper Input Validation

FortiWebManager 6.0.2-7.2.0 Improper Authorization Enables Code Execution
CVE-2024-23670 8.8 - High - June 03, 2024

An improper authorization vulnerability in Fortinet FortiWebManager version 7.2.0, 7.0.0 through 7.0.4, 6.3.0, 6.2.3 through 6.2.4 and 6.0.2 allows an attacker to execute unauthorized code or commands via HTTP requests or CLI.

AuthZ

FortiWeb 7.0.8/7.2.4/7.4.0 CLI Sensitive Data Exposure (CWE-200)
CVE-2024-23107 5.5 - Medium - June 03, 2024

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands.

Information Disclosure

FortiWeb Log Forgery via Improper Log Output Neutralization 6.2.0-7.4.0
CVE-2023-46713 5.3 - Medium - December 13, 2023

An improper output neutralization for logs vulnerability in Fortinet FortiWeb 6.2.0 through 6.2.8, 6.3.0 through 6.3.23, 7.0.0 through 7.0.9, 7.2.0 through 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.

Improper Output Neutralization for Logs

FortiWeb 6.3-7.2 Unauthorized Code Exec via HTTP (CVE-2023-34984)
CVE-2023-34984 7.1 - High - September 13, 2023

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Protection Mechanism Failure

FortiWeb 6.3.18-7.0.1 OS Command Injection via CLI backup
CVE-2023-23777 7.2 - High - July 11, 2023

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted CLI backup parameters.

Shell injection

Denial-of-Service via Infinite Loop in FortiOS/Proxy/Web (<=7.2.4)
CVE-2023-33305 6.5 - Medium - June 13, 2023

A loop with unreachable exit condition ('infinite loop') vulnerability in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows an attacker to perform a denial of service via specially crafted HTTP requests.

Infinite Loop

Fortinet FortiWeb/ADC OS Command Injection in v7.0-7.1.1
CVE-2022-43948 7.8 - High - April 11, 2023

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows an attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.

Shell injection

FortiWeb XSS via Log Payload 6.0-7.0.3 (CWE-79)
CVE-2022-43955 6.1 - Medium - April 11, 2023

An improper neutralization of input during web page generation vulnerability [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload into log entries used to build reports.

XSS

FortiWeb/FortiRecorder Filesystem Read via CLI Argument Injection (6.0-6.4.3)
CVE-2022-22297 5.5 - Medium - March 07, 2023

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

FortiWeb 6.3.6-6.3.20/7.0.0-7.0.2 OS Command Injection via crafted HTTP
CVE-2022-39951 8.8 - High - March 07, 2023

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Shell injection

Unauthorized Config Download in FortiWeb 6.3.6-7.0.4 by a Local Attacker
CVE-2023-22636 3.3 - Low - February 27, 2023

An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted HTTP request.

FortiWeb 7.0.0-7.0.2, 6.3.6-6.3.20 info disclosure via relative path traversal
CVE-2023-23784 6.5 - Medium - February 16, 2023

A relative path traversal vulnerability in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to obtain information disclosure via specially crafted web requests.

Directory traversal

Double free in FortiWeb 7.0.0-7.0.3 (pre-7.0.4) arbitrary code exec via crafted commands
CVE-2022-40683 7.8 - High - February 16, 2023

A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allow an attacker to execute unauthorized code or commands via specially crafted commands.

Double-free

Stack Buffer Overflow in FortiWeb < 6.4 (via Command Arguments)
CVE-2023-25602 7.8 - High - February 16, 2023

A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows an attacker to execute unauthorized code or commands via specially crafted command arguments.

Memory Corruption
