Filtered by vendor Fortinet
Subscribe
Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23438 | 1 Fortinet | 1 Fortios | 2022-07-25 | N/A | 6.1 MEDIUM |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. | |||||
| CVE-2022-26118 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-07-25 | N/A | 6.7 MEDIUM |
| A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. | |||||
| CVE-2022-26120 | 1 Fortinet | 1 Fortiadc | 2022-07-25 | N/A | 8.8 HIGH |
| Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2022-22304 | 1 Fortinet | 1 Fortiauthenticator Agent For Microsoft Outlook Web Access | 2022-07-24 | N/A | 6.1 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | |||||
| CVE-2021-36177 | 1 Fortinet | 1 Fortiauthenticator | 2022-07-12 | 3.3 LOW | 4.3 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database. | |||||
| CVE-2021-36169 | 1 Fortinet | 1 Fortios | 2022-07-12 | 6.6 MEDIUM | 6.0 MEDIUM |
| A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations. | |||||
| CVE-2020-12812 | 1 Fortinet | 1 Fortios | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. | |||||
| CVE-2021-26100 | 1 Fortinet | 1 Fortimail | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible. | |||||
| CVE-2021-26110 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. | |||||
| CVE-2021-24023 | 1 Fortinet | 2 Fortiai 3500f, Fortiai Firmware | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command. | |||||
| CVE-2021-24020 | 1 Fortinet | 1 Fortimail | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. | |||||
| CVE-2021-41021 | 1 Fortinet | 1 Fortinac | 2022-07-12 | 7.2 HIGH | 6.7 MEDIUM |
| A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. | |||||
| CVE-2020-15936 | 1 Fortinet | 1 Fortios | 2022-07-12 | 4.0 MEDIUM | 4.5 MEDIUM |
| A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. | |||||
| CVE-2021-22128 | 1 Fortinet | 1 Fortiproxy | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. | |||||
| CVE-2021-41016 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters | |||||
| CVE-2021-41025 | 1 Fortinet | 1 Fortiweb | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer. | |||||
| CVE-2021-36166 | 1 Fortinet | 1 Fortimail | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. | |||||
| CVE-2021-36167 | 1 Fortinet | 1 Forticlient | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater. | |||||
| CVE-2020-15939 | 1 Fortinet | 1 Fortisandbox | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. | |||||
| CVE-2021-43066 | 1 Fortinet | 1 Forticlient | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. | |||||