Fortinet Fortiextender Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Fortinet Fortiextender Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-23663 — CVSS 8.8 (high): An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2…
CVE-2021-41016 — CVSS 7.8 (high): A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below…
CVE-2022-23447 — CVSS 7.5 (high): An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management…
CVE-2022-27489 — CVSS 7.2 (high): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3…
CVE-2025-64153 — CVSS 7.2 (high): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3…
CVE-2025-46776 — CVSS 6.4 (medium): A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1…
CVE-2025-46775 — CVSS 5.5 (medium): A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through…