Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2020-15941 Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server
A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
network
low complexity
fortinet CWE-22
5.5
2021-10-06 CVE-2021-24019 Insufficient Session Expiration vulnerability in Fortinet Forticlient Endpoint Management Server
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
network
low complexity
fortinet CWE-613
7.5
2021-10-06 CVE-2021-24021 Cross-site Scripting vulnerability in Fortinet Fortianalyzer
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
network
fortinet CWE-79
3.5
2021-10-06 CVE-2021-36170 Insufficiently Protected Credentials vulnerability in Fortinet Fortianalyzer
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
local
low complexity
fortinet CWE-522
2.1
2021-10-06 CVE-2021-36175 Cross-site Scripting vulnerability in Fortinet Fortiweb
An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device.
network
fortinet CWE-79
3.5
2021-10-06 CVE-2021-36178 Insufficiently Protected Credentials vulnerability in Fortinet Fortisdnconnector
A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup.
network
low complexity
fortinet CWE-522
4.0
2021-09-30 CVE-2021-24016 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortimanager
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.
network
fortinet CWE-1236
critical
9.3
2021-09-30 CVE-2021-24017 Improper Authentication vulnerability in Fortinet Fortimanager
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
network
low complexity
fortinet CWE-287
4.0
2021-09-08 CVE-2020-29012 Insufficient Session Expiration vulnerability in Fortinet Fortisandbox
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
network
low complexity
fortinet CWE-613
5.0
2021-09-08 CVE-2021-36179 Out-of-bounds Write vulnerability in Fortinet Fortiweb
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution
network
low complexity
fortinet CWE-787
6.5