Vulnerabilities > Fortinet > Fortianalyzer > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-08 CVE-2024-45330 Unspecified vulnerability in Fortinet Fortianalyzer and Fortianalyzer Cloud
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
network
low complexity
fortinet
7.2
2024-08-13 CVE-2024-21757 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
local
low complexity
fortinet
7.8
2023-10-10 CVE-2023-25607 OS Command Injection vulnerability in Fortinet Fortiadc, Fortianalyzer and Fortimanager
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC  7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function.
local
low complexity
fortinet CWE-78
7.8
2023-10-10 CVE-2023-41838 OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.
local
low complexity
fortinet CWE-78
7.1
2023-04-11 CVE-2023-22642 Improper Certificate Validation vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources.
network
high complexity
fortinet CWE-295
8.1
2023-03-07 CVE-2023-25611 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortianalyzer
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.
local
low complexity
fortinet CWE-1236
7.3
2022-07-19 CVE-2022-27483 OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.
network
low complexity
fortinet CWE-78
7.2
2022-04-06 CVE-2021-26104 OS Command Injection vulnerability in Fortinet Fortianalyzer, Fortimanager and Fortiportal
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.
local
low complexity
fortinet CWE-78
7.8
2022-03-01 CVE-2022-22300 Improper Handling of Exceptional Conditions vulnerability in Fortinet Fortianalyzer and Fortimanager
A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.
network
low complexity
fortinet CWE-755
8.8
2020-09-24 CVE-2020-12817 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortitester
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.
network
low complexity
fortinet CWE-79
8.8