Filtered by vendor Fortinet
Subscribe
Total
708 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-41673 | 1 Fortinet | 1 Fortiadc | 2023-12-15 | N/A | 5.4 MEDIUM |
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests. | |||||
CVE-2023-40716 | 1 Fortinet | 1 Fortitester | 2023-12-15 | N/A | 7.8 HIGH |
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup . | |||||
CVE-2023-36639 | 1 Fortinet | 3 Fortios, Fortipam, Fortiproxy | 2023-12-15 | N/A | 8.8 HIGH |
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. | |||||
CVE-2023-45585 | 1 Fortinet | 1 Fortisiem | 2023-12-10 | N/A | 3.3 LOW |
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage. | |||||
CVE-2023-34991 | 1 Fortinet | 1 Fortiwlm | 2023-12-10 | N/A | 9.8 CRITICAL |
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request. | |||||
CVE-2023-41840 | 1 Fortinet | 1 Forticlient | 2023-12-10 | N/A | 7.8 HIGH |
A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. | |||||
CVE-2023-36633 | 1 Fortinet | 1 Fortimail | 2023-12-10 | N/A | 5.4 MEDIUM |
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests. | |||||
CVE-2023-45582 | 1 Fortinet | 1 Fortimail | 2023-12-10 | N/A | 7.3 HIGH |
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts. | |||||
CVE-2023-42783 | 1 Fortinet | 1 Fortiwlm | 2023-12-10 | N/A | 7.5 HIGH |
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests. | |||||
CVE-2023-36641 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-12-10 | N/A | 6.5 MEDIUM |
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests. | |||||
CVE-2023-28002 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-12-10 | N/A | 6.7 MEDIUM |
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | |||||
CVE-2023-25603 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2023-12-10 | N/A | 9.1 CRITICAL |
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests. | |||||
CVE-2023-26205 | 1 Fortinet | 1 Fortiadc | 2023-12-10 | N/A | 8.8 HIGH |
An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script. | |||||
CVE-2023-40719 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-10 | N/A | 5.5 MEDIUM |
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | |||||
CVE-2023-29177 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2023-12-10 | N/A | 6.7 MEDIUM |
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. | |||||
CVE-2023-44248 | 1 Fortinet | 1 Fortiedr | 2023-12-10 | N/A | 5.5 MEDIUM |
An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service. | |||||
CVE-2022-40681 | 1 Fortinet | 1 Forticlient | 2023-12-10 | N/A | 7.1 HIGH |
A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. | |||||
CVE-2023-33304 | 1 Fortinet | 1 Forticlient | 2023-12-10 | N/A | 5.5 MEDIUM |
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | |||||
CVE-2023-36553 | 1 Fortinet | 1 Fortisiem | 2023-12-10 | N/A | 9.8 CRITICAL |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests. | |||||
CVE-2023-41676 | 1 Fortinet | 1 Fortisiem | 2023-12-10 | N/A | 6.5 MEDIUM |
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. |