Fortinet FortiOS ↗
Fortinet · Network / Security
0/100 Critical · exploited
Summary iPlain-English security verdict for Fortinet FortiOS, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Fortinet FortiOS currently scores 0/100 — critical, with active exploitation. 18 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2018-13379. Upgrade immediately and review your exposure to the actively-exploited CVEs below.
Disclosure trend iNew CVEs published for Fortinet FortiOS each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
⚠ 12 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2018-13379 CRITICAL ● exploited ⚠ ransomware Path traversal EPSS 94% → fixed in 6.0.5 CVE-2022-40684 CRITICAL ● exploited ⚠ ransomware Improper authentication EPSS 94% → fixed in 7.2.2 CVE-2024-55591 CRITICAL ● exploited ⚠ ransomware CWE-288 EPSS 94% → fixed in 7.0.17 CVE-2022-42475 CRITICAL ● exploited ⚠ ransomware CWE-197 EPSS 94% → fixed in 7.2.3 CVE-2024-21762 CRITICAL ● exploited ⚠ ransomware Out-of-bounds write EPSS 93% → fixed in 7.4.3 CVE-2023-27997 CRITICAL ● exploited ⚠ ransomware CWE-122 EPSS 91% → see advisory CVE-2018-13382 CRITICAL ● exploited ⚠ ransomware Incorrect authorization EPSS 87% → fixed in 6.0.5 CVE-2019-6693 MEDIUM ● exploited ⚠ ransomware Hard-coded credentials EPSS 72% → see advisory CVE-2024-23113 CRITICAL ● exploited CWE-134 EPSS 54% → see advisory CVE-2019-5591 MEDIUM ● exploited Missing authentication EPSS 51% → see advisory CVE-2020-12812 CRITICAL ● exploited ⚠ ransomware CWE-178 EPSS 42% → fixed in 6.2.4 CVE-2025-59718 CRITICAL ● exploited CWE-347 EPSS 12% → fixed in 7.6.4Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Fortinet FortiOS release line is supported — and when it sunsets.
8.0 latest — Supported until 2030-10-21
7.6 latest — Supported until 2030-01-25
7.4 latest — Supported until 2028-11-11
7.2 latest — Supported until 2026-09-30
7.0 latest — End of life ended 2025-09-30
6.4 latest — End of life ended 2024-09-30
6.2 latest — End of life ended 2023-09-28
6.0 latest — End of life ended 2022-09-29
See all upcoming end-of-life dates → ℹ lifecycle unknown — needs latest supported version