Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2022-05-24 CVE-2022-22306 Improper Certificate Validation vulnerability in Fortinet Fortios
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
2.9
2022-05-11 CVE-2021-43066 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Fortinet Forticlient
A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.
local
low complexity
fortinet CWE-610
4.6
2022-05-11 CVE-2021-43081 Cross-site Scripting vulnerability in Fortinet Fortios and Fortiproxy
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0.
network
fortinet CWE-79
4.3
2022-05-11 CVE-2021-44167 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Forticlient
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.
network
low complexity
fortinet CWE-732
5.0
2022-05-11 CVE-2022-26116 SQL Injection vulnerability in Fortinet Fortinac
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.
network
low complexity
fortinet CWE-89
6.5
2022-05-04 CVE-2021-41020 Incorrect Authorization vulnerability in Fortinet Fortiisolator 2.3.0/2.3.1/2.3.2
An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL.
network
low complexity
fortinet CWE-863
6.5
2022-05-04 CVE-2021-41032 Exposure of Resource to Wrong Sphere vulnerability in Fortinet Fortios
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
network
low complexity
fortinet CWE-668
5.5
2022-05-04 CVE-2021-43206 Information Exposure Through an Error Message vulnerability in Fortinet Fortios and Fortiproxy
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
network
fortinet CWE-209
4.3
2022-05-04 CVE-2022-23443 Incorrect Authorization vulnerability in Fortinet Fortisoar
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.
network
low complexity
fortinet CWE-863
5.0
2022-04-06 CVE-2021-22127 OS Command Injection vulnerability in Fortinet Forticlient
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name.
7.9