Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2022-27486 OS Command Injection vulnerability in Fortinet Fortiddos and Fortiddos-F
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands.
local
low complexity
fortinet CWE-78
7.8
2024-08-13 CVE-2022-45862 Insufficient Session Expiration vulnerability in Fortinet products
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.
network
low complexity
fortinet CWE-613
8.8
2024-08-13 CVE-2023-26211 Cross-site Scripting vulnerability in Fortinet Fortisoar
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.
network
low complexity
fortinet CWE-79
critical
9.0
2024-08-13 CVE-2024-21757 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
local
low complexity
fortinet
7.8
2024-08-13 CVE-2024-36505 Unspecified vulnerability in Fortinet Fortios
An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.
local
low complexity
fortinet
5.5
2024-07-09 CVE-2023-50178 Improper Certificate Validation vulnerability in Fortinet Fortiadc
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.
network
high complexity
fortinet CWE-295
7.4
2024-07-09 CVE-2023-50179 Improper Certificate Validation vulnerability in Fortinet Fortiadc
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors.
network
high complexity
fortinet CWE-295
5.9
2024-07-09 CVE-2023-50181 Unspecified vulnerability in Fortinet Fortiadc
An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.
network
low complexity
fortinet
6.5
2024-07-09 CVE-2024-21759 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortiportal
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests.
network
low complexity
fortinet CWE-639
4.3
2024-07-09 CVE-2024-23663 Unspecified vulnerability in Fortinet Fortiextender Firmware
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
network
low complexity
fortinet
8.8