A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.2 through 7.0.16, and FortiSwitchManager 7.2.1 through 7.2.5 allows attackers to escalate their privileges via specially crafted HTTP requests.
2025-10-14T16:15:36.523
2025-10-15T17:34:02.033
Analyzed
CVSSv3.1: 6.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | fortinet | fortios | < 7.0.17 | Yes |
| Operating System | fortinet | fortios | < 7.2.11 | Yes |
| Operating System | fortinet | fortios | < 7.4.7 | Yes |
| Operating System | fortinet | fortios | < 7.6.3 | Yes |
| Operating System | fortinet | fortipam | < 1.4.3 | Yes |
| Operating System | fortinet | fortipam | 1.5.0 | Yes |
| Application | fortinet | fortiproxy | < 7.4.8 | Yes |
| Application | fortinet | fortiproxy | < 7.6.2 | Yes |
| Application | fortinet | fortisra | < 1.4.3 | Yes |
| Application | fortinet | fortisra | 1.5.0 | Yes |
| Application | fortinet | fortiswitchmanager | < 7.2.6 | Yes |