Vulnerabilities > Fortinet > Fortiedr

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-44248 Improper Access Control vulnerability in Fortinet Fortiedr 4.0.0/5.0.3
An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, and 4.0 (all versions) may allow a local attacker to prevent the collector service from starting at the next system reboot by tampering with some registry keys of the service.
local
low complexity
fortinet CWE-284
5.5
2023-10-13 CVE-2023-33303 Insufficient Session Expiration vulnerability in Fortinet Fortiedr 5.0.0/5.0.1
An insufficient session expiration vulnerability in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API requests.
network
high complexity
fortinet CWE-613
8.1
2022-11-02 CVE-2022-39949 Unspecified vulnerability in Fortinet Fortiedr
An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection.
local
low complexity
fortinet
5.5
2022-07-19 CVE-2022-29057 Cross-site Scripting vulnerability in Fortinet Fortiedr
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload into the Management Console via various endpoints.
network
low complexity
fortinet CWE-79
5.4
2022-04-06 CVE-2022-23440 Use of Hard-coded Credentials vulnerability in Fortinet Fortiedr
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collector versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the endpoints within the same deployment.
local
low complexity
fortinet CWE-798
7.8
2022-04-06 CVE-2022-23441 Use of Hard-coded Credentials vulnerability in Fortinet Fortiedr
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise themselves as, and forge messages from, other collectors.
network
low complexity
fortinet CWE-798
critical
9.1
2022-04-06 CVE-2022-23446 Unspecified vulnerability in Fortinet Fortiedr
An improper control of a resource through its lifetime vulnerability in Fortinet FortiEDR version 5.0.3 and earlier allows an attacker to make the whole application unresponsive by changing its root directory access permission.
local
low complexity
fortinet
4.4