Filtered by vendor Fortinet
Subscribe
Total
708 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41682 | 1 Fortinet | 1 Fortisandbox | 2023-12-10 | N/A | 7.5 HIGH |
| A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests. | |||||
| CVE-2023-34984 | 1 Fortinet | 1 Fortiweb | 2023-12-10 | N/A | 8.8 HIGH |
| A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2023-40717 | 1 Fortinet | 1 Fortitester | 2023-12-10 | N/A | 7.8 HIGH |
| A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands. | |||||
| CVE-2023-41838 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-10 | N/A | 7.1 HIGH |
| An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli. | |||||
| CVE-2023-40715 | 1 Fortinet | 1 Fortitester | 2023-12-10 | N/A | 5.5 MEDIUM |
| A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device. | |||||
| CVE-2023-34987 | 1 Fortinet | 1 Fortiwlm | 2023-12-10 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | |||||
| CVE-2023-41675 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-12-10 | N/A | 5.3 MEDIUM |
| A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | |||||
| CVE-2022-22305 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2023-12-10 | N/A | 4.2 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. | |||||
| CVE-2023-33308 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-12-10 | N/A | 9.8 CRITICAL |
| A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. | |||||
| CVE-2023-36547 | 1 Fortinet | 1 Fortiwlm | 2023-12-10 | N/A | 9.8 CRITICAL |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | |||||
| CVE-2023-36635 | 1 Fortinet | 1 Fortiswitchmanager | 2023-12-10 | N/A | 4.3 MEDIUM |
| An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. | |||||
| CVE-2023-37935 | 1 Fortinet | 1 Fortios | 2023-12-10 | N/A | 7.5 HIGH |
| A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | |||||
| CVE-2023-36638 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-10 | N/A | 4.3 MEDIUM |
| An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID. | |||||
| CVE-2023-36548 | 1 Fortinet | 1 Fortiwlm | 2023-12-10 | N/A | 9.8 CRITICAL |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | |||||
| CVE-2023-41681 | 1 Fortinet | 1 Fortisandbox | 2023-12-10 | N/A | 6.1 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | |||||
| CVE-2023-25608 | 1 Fortinet | 4 Fortiap, Fortiap-c, Fortiap-u and 1 more | 2023-12-10 | N/A | 6.5 MEDIUM |
| An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments. | |||||
| CVE-2023-40718 | 1 Fortinet | 2 Fortios, Fortios Ips Engine | 2023-12-10 | N/A | 7.5 HIGH |
| A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. | |||||
| CVE-2022-22298 | 1 Fortinet | 1 Fortiisolator | 2023-12-10 | N/A | 7.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | |||||
| CVE-2021-43072 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2023-12-10 | N/A | 6.7 MEDIUM |
| A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol. | |||||
| CVE-2023-37939 | 1 Fortinet | 1 Forticlient | 2023-12-10 | N/A | 3.3 LOW |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | |||||