182.78.146.125
{
"scan_id": 1740065993,
"ip": "182.78.146.125",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "182.78.144.0/22",
"postal_code": "110003",
"coordinates": {
"latitude": "28.6327",
"longitude": "77.2198"
},
"geo_point": "28.6327, 77.2198",
"locale_code": "en",
"continent": "Asia",
"country_code": "IN",
"country_name": "India",
"city": "New Delhi"
},
"location_updated_at": "2025-02-20T00:44:45Z",
"asn": {
"number": "AS9498",
"organization": "BHARTI Airtel Ltd.",
"country_code": ""
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "182.78.144.0/20",
"organization": "Bharti Airtel Limited",
"descr": "Bharti Airtel Limited,\nTransport Network Group,\n234, Okhla Phase III",
"_encoding": {
"raw": "BASE64"
}
},
"whois_updated_at": "2024-12-09T11:27:59Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2025-02-20T00:44:45Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2025-02-20T06:56:09Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2025-02-20T00:44:45Z"
}
],
"services": [
{
"port": 22,
"protocol": "tcp",
"name": "ssh",
"version": "",
"product": "FortiSSH",
"extra_info": "protocol 2.0",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/o:fortinet:fortios",
"part": "o",
"vendor": "fortinet",
"product": "fortios",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"ssh": {
"banner": "SSH-2.0-DNjGR",
"client_to_server_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]"
],
"client_to_server_compression": [
"none",
"[email protected]"
],
"client_to_server_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1",
"[email protected]",
"hmac-ripemd160",
"[email protected]"
],
"host_key_algorithms": [
"ssh-rsa",
"ssh-ed25519"
],
"kex_algorithms": [
"[email protected]",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group-exchange-sha1",
"diffie-hellman-group14-sha1"
],
"key": {
"algorithm": "ssh-rsa",
"fingerprint_sha256": "8b68770bfb90753e43c75daa95d180fe7a411c0a61e866e65a49094960299334",
"raw": "AAAAB3NzaC1yc2EAAAADAQABAAAAgQD8LYeWGxS6ZGbCTVDQdJnK5jDh4cQamUAnwBKUr7xXpkV1iDsF1hDMXqRGlsa7AaRjpknyySakpbdQJWnc0JCpf1+DWTAXuM7U8FZGLrG58mE8MZw1f7dnBXvBeoziIDqiMtFEdS2hM3LUrQVEorM789R8L412FGUf6b9lcvct+Q=="
},
"server_to_client_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]"
],
"server_to_client_compression": [
"none",
"[email protected]"
],
"server_to_client_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1",
"[email protected]",
"hmac-ripemd160",
"[email protected]"
],
"software": "DNjGR",
"version": "2.0"
}
},
"cve": [
{
"id": "CVE-2022-41328",
"score": 7.1,
"severity": "high"
},
{
"id": "CVE-2022-41329",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2022-42476",
"score": 8.2,
"severity": "high"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-02-19T07:09:02.479Z"
},
{
"port": 443,
"protocol": "tcp",
"name": "https",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "ssl",
"modules": {
"http": {
"body": "<!DOCTYPE html>\n<html lang=\"en\" class=\"main-app\">\n <head>\n <meta charset=\"UTF-8\">\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <meta name=\"apple-itunes-app\" content=\"app-id=1157004084, app-argument={{::host_addr}}\">\n <base href=\"/ng/\">\n <title ng-bind=\"::state.model_name + ' - ' + state.hostname\"></title>\n\n <script>\n function login_redirect() {\n 'use strict';\n var url = window.location.pathname + window.location.search + window.location.hash;\n window.location.href = '/logout?redir=' + encodeURIComponent(url);\n }\n\n /**\n * Install a global error handler which can be used to report JS errors back to the\n * FortiGate for inclusion in the httpsd debug log.\n *\n * The global error handler is loaded here because:\n * - It needs to be set prior to the other scripts loading.\n * - If it's installed in the context of another script, the error reporting only\n * applies to script errors in that script file (i.e. fweb_all.js).\n */\n window.onerror = function(message, source, lineno, colno, error) {\n 'use strict';\n if (fweb && fweb.log && fweb.log.error) {\n fweb.log.error(error);\n }\n };\n window.onunhandledrejection = function(rejectionEvent) {\n 'use strict';\n if (fweb && fweb.log && fweb.log.warn) {\n fweb.log.warn(`Unhandled promise rejection: \"${rejectionEvent.reason}\"`);\n }\n }\n </script>\n\n <!-- If we fail to load any of these scripts then redirect to the login page. Note that\n these checks alone are not sufficient as they may be cached. Similiar logic exists\n in requireJS, $http interceptor, and jQuery.ajax -->\n\n <script src=\"/dd195f29174a2468987ae5df86784c3d/ng/ng.bundle.js\" onerror=\"login_redirect()\"></script>\n </head>\n <body class=\"ng-cloak\" ng-controller=\"App\">\n <f-header haSync=\"haSync\" currentVdom=\"currentVdom\"\n ng-if=\"!guestAdmin && !structure.isViewOnly && !structure.isFullscreen\"></f-header>\n <f-guest-header ng-if=\"guestAdmin && !structure.isViewOnly && !structure.isFullscreen\"></f-guest-header>\n\n <f-disconnection-notice></f-disconnection-notice>\n <f-shortcuts-help></f-shortcuts-help>\n <f-firmware-upgrade></f-firmware-upgrade>\n <f-terminal></f-terminal>\n <f-release-overview></f-release-overview>\n <f-debugger-capture-notice></f-debugger-capture-notice>\n\n <f-navbar-view-section id=\"navbar-view-section\">\n </f-navbar-view-section>\n </body>\n</html>\n",
"body_murmur": 390931134,
"body_sha256": "139dcb3dd29b1727eb6ee73f90dcc674ec148c2f09d009411aaa94a13fdabde5",
"content_length": -1,
"favicon": {
"md5_hash": "e462005902f81094ab3de44e4381de19",
"murmur_hash": 945408572,
"path": "https://182.78.146.125:443/favicon.ico",
"size": 318
},
"headers": {
"accept_ranges": [
"bytes"
],
"cache_control": [
"no-cache"
],
"content_security_policy": [
"frame-ancestors 'self'"
],
"content_type": [
"text/html"
],
"date": [
"Sat, 22 Feb 2025 01:31:28 GMT"
],
"last_modified": [
"Thu, 29 Jul 2021 23:34:56 GMT"
],
"strict_transport_security": [
"max-age=15552000"
],
"vary": [
"Accept-encoding"
],
"x_frame_options": [
"SAMEORIGIN"
],
"x_xss_protection": [
"1; mode=block"
]
},
"protocol": "HTTP/1.1",
"redirects": [
{
"body": "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>302 Found</title>\n</head><body>\n<h1>Found</h1>\n<p>The document has moved <a href=\"https://182.78.146.125/ng\">here</a>.</p>\n</body></html>\n",
"body_murmur": 134585521,
"body_sha256": "7aaf1ffd8602c1f15f843e98e54121d2b2a4ac839bf4c635a6910a9f26b3d8b8",
"content_length": 209,
"headers": {
"content_length": [
"209"
],
"content_security_policy": [
"frame-ancestors 'self'"
],
"content_type": [
"text/html; charset=iso-8859-1"
],
"date": [
"Sat, 22 Feb 2025 01:31:28 GMT"
],
"location": [
"https://182.78.146.125/ng"
],
"strict_transport_security": [
"max-age=15552000"
],
"x_frame_options": [
"SAMEORIGIN"
],
"x_xss_protection": [
"1; mode=block"
]
},
"location": "https://182.78.146.125/ng",
"protocol": "HTTP/1.1",
"status_code": 302,
"status_line": "302 Found"
}
],
"request": {
"headers": {
"accept": [
"*/*"
],
"referer": [
"https://182.78.146.125"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.78.146.125",
"path": "/ng",
"scheme": "https"
}
},
"status_code": 200
},
"tls": {
"certificate": {
"extensions": {
"basic_constraints": {
"is_ca": true
},
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": false,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
}
},
"fingerprint_md5": "6D602E452E44577EA6F2F4CFC09A9BED",
"fingerprint_sha1": "9681AE4004590EAD0763C134BECC5A60998F6876",
"fingerprint_sha256": "0556978E61A5C4FBF4D22A93FDD4D477199256C48CCBE63642EDEB1A93EF204B",
"issuer": {
"common_name": [
"FortiGate"
],
"organization": [
"Fortinet Ltd."
]
},
"issuer_dn": "/O=Fortinet Ltd./CN=FortiGate",
"jarm": "07d0bd0fd21d21d07c42d43d0000009424803a662b126a748cf4f90707a33c",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "3389533513941891364",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": true,
"value": "YWNjNmQ0ZmMwM2JkY2E5NmVjZDExNjY2YWFiY2JmZmI4ZjI4ODVjOTVjM2RhOTExYmUyOTZmNDhjMmE5ODYzZTZkNzQ3ZDRmNDcyOTM1YjVmMjBkOWUwN2E0NjNiNzFkYjU3ODljODQ4MmZkZGNhZGNmNjQxYTUxYzc5ZDJjZDNlMWQwMjc2N2U5OGMyMGExMWVlN2Y2Njc0YjYxY2U4YmI3YjE3YjNiMTJkYWZjM2Q4YjRkODk1MTI4NDlmNmEzM2Q0MDAxOGYyYTc2NTZmNmEzZmM5ZmEwYzNmM2Y2MmY5NDI3Y2M3YzYyNDU3NzZhNjdlMmU4MWRjYTVkOGM3NDA5MzdhOGM0MzlmZjRhNDkzODQxY2U1OGNmMzljZGQ5ZTRjMGYwYjZjN2UzNTFkOWE3ZjkyNmYxNDU3MTIzNjJkZmUzNTJlZjVhYjRiMGJlYTQ0M2FiMzIyMWMyOGI0MjJkZTRiZGVhZjc1ODhhZWM5YzVlMTllOWJjZTVlMjc0MGFmYmY4YmVlNjczOWI1NmQ3ZTU0YzdkM2RiNjk2NGE2Y2M5NzY4NjYxYTcyNDNmOWUwNjIwM2RjY2UxOTQzMjU4ZDJlOGY4M2UxMWVjMzA3Y2YzZjJjYTEwMjAwODUwZDZjNTE1NjQ2OTQwMTQ4MWViY2NmMGUzZGIzZmQzYWY="
},
"subject": {
"common_name": [
"FortiGate"
],
"organization": [
"Fortinet Ltd."
]
},
"subject_alt_name": {
"dns_names": [
"FortiGate"
],
"extended_dns_names": []
},
"subject_dn": "/O=Fortinet Ltd./CN=FortiGate",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "1e14cea3d5a6fe12f582eadc653b290248ff5bca3c484f6e895738efa1266201",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhjYTQwMWVhN2M2Y2Y4YzIwNGQ2ZGZiZGU0MGVmZmE4ZDE5MGQ5ZjA2NDQ2ZmFlZmU0MzAxYWZmOWI3MTY1MjRlNWNmMzMyMDcwZTZhZDY5MGJkN2JlYTExZjAzZDY3MGNhNWI4MDIxMTE0OWU2N2UyNDc0MmU1YTcwZmZlYTcxNDFmOGRhZTYwMDY5M2U0ZTVjZDNmOTY0YmUwNmViMzBkN2VhMTNhZWI4ZDZjZmNhYTcxYjVkN2ZmMTA1MTAxOGQxMjRjNGJlZTE4NmE2YmUwYjhlYTM1OTllMmFiMWUzNmIyZjA2ZjNmY2UyMDUyZTNlMzhmYmI2YTdjMzE2MTVkYTJlNDUzNzBiNmRiOGFmOGQ2MmExYmJhODcyMGVhYjcyYWRiYWFjNWY2NDNkOWY4YTE0NmFiMmYzZWZjZTg1MjBhZDc3MTA3MGJjMDVmY2U2ZjY5NzI3ZjA1M2NiMjljNTAzZmFjMDc3MTZkYmY5MWFlNTk5NWUyNmQzN2JkZGY1ZDhjOGZiNmU0Yjk2NGE4MzI1NDZhNTViMTg1ODhkZDliZGJmYjM3YTRmY2U1OTNiNjAzYWI3NWUxYzRiZGFiYjdlYjgyOWQzN2M2ODZkMTExYzY0NDBmNjc3NmQ4YTJjNmM4MGQ0N2EyZWM0YjVjY2QyYmY0ZDdkN2ZkMDY0ZA=="
}
},
"tbs_fingerprint": "9f41739148fbf6b69e94545cfb99a539ea738221942b09047c92386b9e020e24",
"validation_level": "OV",
"validity": {
"length_seconds": 71280000,
"not_after": "2025-09-26T07:50:55",
"not_before": "2023-06-24T07:50:55"
},
"version": 2
},
"fingerprint_sha256": "0556978E61A5C4FBF4D22A93FDD4D477199256C48CCBE63642EDEB1A93EF204B",
"precert": false,
"raw": "MIIC/DCCAeSgAwIBAgIILwoKxbzJuSQwDQYJKoZIhvcNAQELBQAwLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMB4XDTIzMDYyNDA3NTA1NVoXDTI1MDkyNjA3NTA1NVowLDEWMBQGA1UECgwNRm9ydGluZXQgTHRkLjESMBAGA1UEAwwJRm9ydGlHYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykAep8bPjCBNbfveQO/6jRkNnwZEb67+QwGv+bcWUk5c8zIHDmrWkL176hHwPWcMpbgCERSeZ+JHQuWnD/6nFB+NrmAGk+TlzT+WS+Busw1+oTrrjWz8qnG11/8QUQGNEkxL7hhqa+C46jWZ4qseNrLwbz/OIFLj44+7anwxYV2i5FNwttuK+NYqG7qHIOq3KtuqxfZD2fihRqsvPvzoUgrXcQcLwF/Ob2lyfwU8spxQP6wHcW2/ka5ZleJtN73fXYyPtuS5ZKgyVGpVsYWI3Zvb+zek/OWTtgOrdeHEvau364KdN8aG0RHGRA9ndtiixsgNR6LsS1zNK/TX1/0GTQIDAQABoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQCsxtT8A73KluzRFmaqvL/7jyiFyVw9qRG+KW9IwqmGPm10fU9HKTW18g2eB6Rjtx21eJyEgv3crc9kGlHHnSzT4dAnZ+mMIKEe5/ZnS2HOi7exezsS2vw9i02JUShJ9qM9QAGPKnZW9qP8n6DD8/YvlCfMfGJFd2pn4ugdyl2MdAk3qMQ5/0pJOEHOWM85zdnkwPC2x+NR2af5JvFFcSNi3+NS71q0sL6kQ6syIcKLQi3kver3WIrsnF4Z6bzl4nQK+/i+5nObVtflTH09tpZKbMl2hmGnJD+eBiA9zOGUMljS6Pg+EewwfPPyyhAgCFDWxRVkaUAUgevM8OPbP9Ov",
"tags": [
"ov",
"trusted",
"self_signed",
"root"
]
}
},
"url": "https://182.78.146.125/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-02-22T01:54:07.086Z"
}
],
"services_hash": "b1eec6fc76265438053d1f76326963c4e8053df4ae03edf9120c43a55da92d7f",
"last_updated_at": "2025-02-22T01:54:07.086Z",
"banner": [
"http",
"tls",
"ssh"
],
"is_vuln": true,
"cveDetails": {
"CVE-2022-41328": {
"id": "CVE-2022-41328",
"references": [
"https://fortiguard.com/psirt/FG-IR-22-369"
],
"score": 7.1,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"weakness": "CWE-22"
},
"CVE-2022-41329": {
"id": "CVE-2022-41329",
"references": [
"https://fortiguard.com/psirt/FG-IR-22-364"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2022-42476": {
"id": "CVE-2022-42476",
"references": [
"https://fortiguard.com/psirt/FG-IR-22-401"
],
"score": 8.2,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"weakness": "CWE-22"
},
"CVE-2022-45861": {
"id": "CVE-2022-45861",
"references": [
"https://fortiguard.com/psirt/FG-IR-22-477"
],
"score": 6.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-824"
},
"CVE-2023-36640": {
"id": "CVE-2023-36640",
"references": [
"https://fortiguard.com/psirt/FG-IR-23-137"
],
"score": 6.7,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-134"
},
"CVE-2023-45583": {
"id": "CVE-2023-45583",
"references": [
"https://fortiguard.com/psirt/FG-IR-23-137"
],
"score": 7.2,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-134"
},
"CVE-2023-45586": {
"id": "CVE-2023-45586",
"references": [
"https://fortiguard.com/psirt/FG-IR-23-225"
],
"score": 5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"weakness": "CWE-345"
}
}
}