Filtered by vendor Fortinet
Subscribe
Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39949 | 2 Fortinet, Microsoft | 2 Fortiedr, Windows | 2022-11-03 | N/A | 5.5 MEDIUM |
| An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection. | |||||
| CVE-2022-38374 | 1 Fortinet | 1 Fortiadc | 2022-11-03 | N/A | 6.1 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews. | |||||
| CVE-2022-38373 | 1 Fortinet | 1 Fortideceptor | 2022-11-03 | N/A | 5.4 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID. | |||||
| CVE-2022-35851 | 1 Fortinet | 1 Fortiadc | 2022-11-03 | N/A | 5.4 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address. | |||||
| CVE-2022-26119 | 1 Fortinet | 1 Fortisiem | 2022-11-03 | N/A | 7.8 HIGH |
| A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. | |||||
| CVE-2022-33872 | 1 Fortinet | 1 Fortitester | 2022-10-21 | N/A | 9.8 CRITICAL |
| An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. | |||||
| CVE-2022-33873 | 1 Fortinet | 1 Fortitester | 2022-10-21 | N/A | 9.8 CRITICAL |
| An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell. | |||||
| CVE-2022-33874 | 1 Fortinet | 1 Fortitester | 2022-10-21 | N/A | 9.8 CRITICAL |
| An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. | |||||
| CVE-2022-29055 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-10-20 | N/A | 7.5 HIGH |
| A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request. | |||||
| CVE-2022-40684 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2022-10-20 | N/A | 9.8 CRITICAL |
| An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. | |||||
| CVE-2022-35846 | 1 Fortinet | 1 Fortitester | 2022-10-20 | N/A | 9.8 CRITICAL |
| An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. | |||||
| CVE-2022-35844 | 1 Fortinet | 1 Fortitester | 2022-10-20 | N/A | 7.2 HIGH |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. | |||||
| CVE-2021-44171 | 1 Fortinet | 1 Fortios | 2022-10-12 | N/A | 8.0 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. | |||||
| CVE-2022-26121 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-10-12 | N/A | 5.3 MEDIUM |
| An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. | |||||
| CVE-2020-9289 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | |||||
| CVE-2022-29061 | 1 Fortinet | 1 Fortisoar | 2022-09-13 | N/A | 7.2 HIGH |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. | |||||
| CVE-2021-43076 | 1 Fortinet | 1 Fortiadc | 2022-09-13 | N/A | 6.5 MEDIUM |
| An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access. | |||||
| CVE-2022-29058 | 1 Fortinet | 4 Fortiap, Fortiap-s, Fortiap-u and 1 more | 2022-09-09 | N/A | 7.8 HIGH |
| An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2022-29053 | 1 Fortinet | 1 Fortios | 2022-09-08 | N/A | 3.3 LOW |
| A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. | |||||
| CVE-2022-29062 | 1 Fortinet | 1 Fortisoar | 2022-09-08 | N/A | 6.5 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. | |||||