Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2022-01-05 CVE-2020-15933 Information Exposure vulnerability in Fortinet Fortimail
A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection.
network
low complexity
fortinet CWE-200
5.0
2022-01-04 CVE-2021-44168 Download of Code Without Integrity Check vulnerability in Fortinet Fortios
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
local
low complexity
fortinet CWE-494
4.6
2021-12-16 CVE-2021-41028 Improper Certificate Validation vulnerability in Fortinet Forticlient
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
5.4
2021-12-13 CVE-2021-36169 Incorrect Authorization vulnerability in Fortinet Fortios
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations.
local
low complexity
fortinet CWE-863
6.6
2021-12-09 CVE-2021-36167 Incorrect Authorization vulnerability in Fortinet Forticlient
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater.
network
low complexity
fortinet CWE-863
5.0
2021-12-09 CVE-2021-42759 OS Command Injection vulnerability in Fortinet Meru Firmware
A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands.
local
low complexity
fortinet CWE-78
7.2
2021-12-09 CVE-2021-43065 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortinac
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.
local
low complexity
fortinet CWE-732
7.2
2021-12-09 CVE-2021-43068 Improper Authentication vulnerability in Fortinet Fortiauthenticator 6.4.0
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.
network
low complexity
fortinet CWE-287
5.5
2021-12-09 CVE-2021-43071 Out-of-bounds Write vulnerability in Fortinet Fortiweb
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.
network
low complexity
fortinet CWE-787
6.5
2021-12-09 CVE-2021-36189 Missing Encryption of Sensitive Data vulnerability in Fortinet Forticlient Enterprise Management Server
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data
network
low complexity
fortinet CWE-311
4.0