Filtered by vendor Fortinet
Subscribe
Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24020 | 1 Fortinet | 1 Fortimail | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. | |||||
| CVE-2021-36169 | 1 Fortinet | 1 Fortios | 2022-07-12 | 6.6 MEDIUM | 6.0 MEDIUM |
| A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations. | |||||
| CVE-2020-12812 | 1 Fortinet | 1 Fortios | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. | |||||
| CVE-2020-6648 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-06-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. | |||||
| CVE-2022-22306 | 1 Fortinet | 1 Fortios | 2022-06-06 | 2.9 LOW | 5.3 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. | |||||
| CVE-2021-44167 | 1 Fortinet | 1 Forticlient | 2022-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. | |||||
| CVE-2021-43081 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-05-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | |||||
| CVE-2022-26116 | 1 Fortinet | 1 Fortinac | 2022-05-18 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. | |||||
| CVE-2022-23443 | 1 Fortinet | 1 Fortisoar | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. | |||||
| CVE-2021-43206 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-05-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. | |||||
| CVE-2021-24011 | 1 Fortinet | 1 Fortinac | 2022-05-03 | 9.0 HIGH | 7.2 HIGH |
| A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. | |||||
| CVE-2021-41023 | 2 Fortinet, Microsoft | 2 Fortisiem, Windows | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files | |||||
| CVE-2021-22125 | 1 Fortinet | 1 Fortisandbox | 2022-05-03 | 9.0 HIGH | 7.2 HIGH |
| An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file. | |||||
| CVE-2020-6641 | 1 Fortinet | 1 Fortipresence | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. | |||||
| CVE-2021-36192 | 1 Fortinet | 1 Fortimanager | 2022-05-03 | 2.1 LOW | 3.8 LOW |
| An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS. | |||||
| CVE-2021-36183 | 1 Fortinet | 1 Forticlient | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. | |||||
| CVE-2019-5587 | 1 Fortinet | 1 Fortios | 2022-04-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. | |||||
| CVE-2022-23440 | 1 Fortinet | 1 Fortiedr | 2022-04-14 | 4.6 MEDIUM | 7.8 HIGH |
| A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment. | |||||
| CVE-2021-44169 | 1 Fortinet | 1 Forticlient | 2022-04-14 | 4.6 MEDIUM | 8.8 HIGH |
| A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory. | |||||
| CVE-2021-43205 | 1 Fortinet | 1 Forticlient | 2022-04-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries. | |||||