Vulnerabilities > Fortinet > Fortiadc > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-13 | CVE-2023-41673 | Improper Authorization vulnerability in Fortinet Fortiadc An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests. | 5.4 |
2023-11-14 | CVE-2023-29177 | Classic Buffer Overflow vulnerability in Fortinet Fortiadc and Fortiddos-F Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. | 6.7 |
2023-04-11 | CVE-2022-43952 | Cross-site Scripting vulnerability in Fortinet Fortiadc An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests. | 5.4 |
2022-12-06 | CVE-2022-33876 | Improper Input Validation vulnerability in Fortinet Fortiadc Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. | 6.5 |
2022-11-02 | CVE-2022-35851 | Cross-site Scripting vulnerability in Fortinet Fortiadc 7.1.0 An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address. | 5.4 |
2022-11-02 | CVE-2022-38374 | Cross-site Scripting vulnerability in Fortinet Fortiadc 7.0.0/7.0.1/7.0.2 A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews. | 6.1 |
2022-08-03 | CVE-2022-27484 | Improper Authentication vulnerability in Fortinet Fortiadc A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. | 4.3 |
2021-12-08 | CVE-2021-32591 | Unspecified vulnerability in Fortinet products A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. | 5.3 |
2021-12-08 | CVE-2021-42757 | Out-of-bounds Write vulnerability in Fortinet products A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | 6.7 |
2021-11-02 | CVE-2020-15935 | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortiadc A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields. | 4.0 |