Vulnerabilities > Fortinet > Fortiadc > 5.4.1

DATE CVE VULNERABILITY TITLE RISK
2022-12-06 CVE-2022-33876 Improper Input Validation vulnerability in Fortinet Fortiadc
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.
network
low complexity
fortinet CWE-20
6.5
2022-11-02 CVE-2022-38381 Unspecified vulnerability in Fortinet Fortiadc
An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2.
network
low complexity
fortinet
critical
9.8
2022-09-06 CVE-2021-43076 Improper Privilege Management vulnerability in Fortinet Fortiadc
An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access.
network
low complexity
fortinet CWE-269
6.5
2022-08-03 CVE-2022-27484 Improper Authentication vulnerability in Fortinet Fortiadc
A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.
network
low complexity
fortinet CWE-287
4.3
2022-07-18 CVE-2022-26120 SQL Injection vulnerability in Fortinet Fortiadc
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-89
8.8
2021-12-08 CVE-2021-32591 Unspecified vulnerability in Fortinet products
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.
network
high complexity
fortinet
5.3
2021-12-08 CVE-2021-42757 Out-of-bounds Write vulnerability in Fortinet products
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
2021-11-02 CVE-2020-15935 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortiadc
A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.
network
low complexity
fortinet CWE-312
4.3
2019-01-22 CVE-2018-13374 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiadc and Fortios
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
network
low complexity
fortinet CWE-732
4.3