Filtered by vendor Fortinet
Subscribe
Total
1059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22300 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 6.5 MEDIUM | 4.3 MEDIUM |
|
A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0 ...
Show More |
|||||
| CVE-2022-22299 | 1 Fortinet | 4 Fortiadc, Fortimail, Fortios and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4. ...
Show More |
|||||
| CVE-2022-22298 | 1 Fortinet | 1 Fortiisolator | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.
|
|||||
| CVE-2022-22297 | 1 Fortinet | 2 Fortirecorder Firmware, Fortiweb | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.
|
|||||
| CVE-2021-44172 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.
|
|||||
| CVE-2021-44171 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 9.0 CRITICAL |
|
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.
|
|||||
| CVE-2021-44170 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
|
|||||
| CVE-2021-44169 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
|
A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.
|
|||||
| CVE-2021-44167 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM |
|
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.
|
|||||
| CVE-2021-44166 | 1 Fortinet | 1 Fortitoken Mobile | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
|
An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.
|
|||||
| CVE-2021-43206 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
|
|||||
| CVE-2021-43205 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries.
|
|||||
| CVE-2021-43204 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
|
A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions.
|
|||||
| CVE-2021-43081 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
|
|||||
| CVE-2021-43080 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 4.6 MEDIUM |
|
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.
|
|||||
| CVE-2021-43077 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers.
|
|||||
| CVE-2021-43076 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 6.3 MEDIUM |
|
An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access.
|
|||||
| CVE-2021-43075 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.
|
|||||
| CVE-2021-43074 | 1 Fortinet | 4 Fortios, Fortiproxy, Fortiswitch and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative ...
Show More |
|||||
| CVE-2021-43073 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
|
|||||
| CVE-2021-43072 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0. ...
Show More |
|||||
| CVE-2021-43071 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.
|
|||||
| CVE-2021-43070 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
|
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
|
|||||
| CVE-2021-43068 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.
|
|||||
| CVE-2021-43067 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 4.3 MEDIUM | 8.3 HIGH |
|
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
|
|||||
| CVE-2021-43066 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
|
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.
|
|||||
| CVE-2021-43065 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.
|
|||||
| CVE-2021-43064 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM |
|
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.
|
|||||
| CVE-2021-43063 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage.
|
|||||
| CVE-2021-43062 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.
|
|||||
| CVE-2021-42761 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 9.0 CRITICAL |
|
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.
|
|||||
| CVE-2021-42760 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
|
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.
|
|||||
| CVE-2021-42759 | 1 Fortinet | 2 Meru, Meru Firmware | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands.
|
|||||
| CVE-2021-42758 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.
|
|||||
| CVE-2021-42756 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.
|
|||||
| CVE-2021-42755 | 1 Fortinet | 5 Fortios, Fortiproxy, Fortirecorder Firmware and 2 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.
|
|||||
| CVE-2021-42754 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 3.5 LOW | 3.2 LOW |
|
An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.
|
|||||
| CVE-2021-42753 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
|
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.
|
|||||
| CVE-2021-42752 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests
|
|||||
| CVE-2021-41032 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.5 MEDIUM | 6.3 MEDIUM |
|
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
|
|||||