Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2021-01-14 CVE-2020-29019 Out-Of-Bounds Write vulnerability in Fortinet Fortiweb
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.
network
low complexity
fortinet CWE-787
5.0
2021-01-14 CVE-2020-29018 USE of Externally-Controlled Format String vulnerability in Fortinet Fortiweb 6.3.0/6.3.5
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
network
low complexity
fortinet CWE-134
6.5
2021-01-14 CVE-2020-29017 OS Command Injection vulnerability in Fortinet Fortideceptor 3.0.0/3.0.1/3.1.0
An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.
network
low complexity
fortinet CWE-78
critical
9.0
2021-01-14 CVE-2020-29016 Out-Of-Bounds Write vulnerability in Fortinet Fortiweb
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.
network
low complexity
fortinet CWE-787
7.5
2021-01-14 CVE-2020-29015 SQL Injection vulnerability in Fortinet Fortiweb
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
network
low complexity
fortinet CWE-89
7.5
2020-10-21 CVE-2020-6648 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and below may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
network
low complexity
fortinet CWE-312
4.0
2020-09-24 CVE-2020-12815 Cross-Site Scripting vulnerability in Fortinet Fortianalyzer
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.
network
fortinet CWE-79
3.5
2020-09-24 CVE-2020-12811 Cross-Site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.
network
fortinet CWE-79
4.3
2020-09-24 CVE-2020-12818 Unspecified vulnerability in Fortinet Fortios
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.
network
low complexity
fortinet
5.0
2020-09-24 CVE-2020-12817 Injection vulnerability in Fortinet Fortianalyzer and Fortitester
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.
network
low complexity
fortinet CWE-74
6.5