    screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 13-Feb-2025 03:41:57 JST

    Happy #PatchTuesday from Fortinet:

    1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
    2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
    3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
    4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
    5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
    6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
    7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
    8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
    9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
    10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
    11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
    12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
    13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
    14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

    Fortinet downplays the CVSSv3.1 score by listing temporal only; I have listed base score instead. No mention of exploitation.

    #fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity
