Filtered by vendor Fortinet
Subscribe
Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32593 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 6.4 MEDIUM | 6.5 MEDIUM |
| A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages. | |||||
| CVE-2021-26114 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2021-26112 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests. | |||||
| CVE-2021-24009 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 9.0 HIGH | 8.8 HIGH |
| Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests. | |||||
| CVE-2022-23446 | 1 Fortinet | 1 Fortiedr | 2022-04-13 | 2.1 LOW | 4.4 MEDIUM |
| A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission. | |||||
| CVE-2021-41026 | 1 Fortinet | 1 Fortiweb | 2022-04-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | |||||
| CVE-2022-23441 | 1 Fortinet | 1 Fortiedr | 2022-04-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors. | |||||
| CVE-2021-32585 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests. | |||||
| CVE-2021-22127 | 1 Fortinet | 1 Forticlient | 2022-04-13 | 7.9 HIGH | 8.0 HIGH |
| An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name. | |||||
| CVE-2020-29013 | 1 Fortinet | 1 Fortisandbox | 2022-04-13 | 5.5 MEDIUM | 5.4 MEDIUM |
| An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. | |||||
| CVE-2021-26116 | 1 Fortinet | 1 Fortiauthenticator | 2022-04-13 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2021-26113 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored. | |||||
| CVE-2019-15703 | 1 Fortinet | 1 Fortios | 2022-03-31 | 2.6 LOW | 7.5 HIGH |
| An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only. | |||||
| CVE-2021-26089 | 1 Fortinet | 1 Forticlient | 2022-03-30 | 7.2 HIGH | 7.8 HIGH |
| An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. | |||||
| CVE-2021-44166 | 1 Fortinet | 1 Fortitoken Mobile | 2022-03-11 | 3.5 LOW | 4.1 MEDIUM |
| An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. | |||||
| CVE-2022-22301 | 1 Fortinet | 1 Fortiap-c | 2022-03-10 | 4.6 MEDIUM | 7.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. | |||||
| CVE-2022-22303 | 1 Fortinet | 1 Fortimanager | 2022-03-10 | 2.1 LOW | 5.5 MEDIUM |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. | |||||
| CVE-2021-43070 | 1 Fortinet | 1 Fortiwlm | 2022-03-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | |||||
| CVE-2021-43075 | 1 Fortinet | 1 Fortiwlm | 2022-03-09 | 9.0 HIGH | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. | |||||
| CVE-2022-22300 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
| A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. | |||||