Fortinet Fortiextender
7 CVEs affecting Fortinet Fortiextender. Latest disclosed: 2025-12-09. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-23663 | High | 8.1 | 2024-07-09 | An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to… |
CVE-2022-23447 | High | 7.3 | 2023-07-11 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7… |
CVE-2022-27489 | High | 7.0 | 2023-02-16 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and be… |
CVE-2025-64153 | Medium | 6.7 | 2025-12-09 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0… |
CVE-2025-46776 | Medium | 6.3 | 2025-11-18 | A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 throu… |
CVE-2025-46775 | Medium | 5.2 | 2025-11-18 | A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtende… |
CVE-2019-15710 | | 2019-10-31 | An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arb… |