Vulnerabilities > Fortinet > Fortiedr > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-44248 Improper Access Control vulnerability in Fortinet Fortiedr 4.0.0/5.0.3
An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows versions 5.2.0.4549 and below, 5.0.3.1007 and below, and all 4.0 versions may allow a local attacker to prevent the collector service from starting at the next system reboot by tampering with some registry keys of the service.
local
low complexity
fortinet CWE-284
5.5
2022-11-02 CVE-2022-39949 Unspecified vulnerability in Fortinet Fortiedr
An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection.
local
low complexity
fortinet
5.5
2022-07-19 CVE-2022-29057 Cross-site Scripting vulnerability in Fortinet Fortiedr
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiEDR versions 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload into the Management Console via various endpoints.
network
low complexity
fortinet CWE-79
5.4
2022-04-06 CVE-2022-23446 Unspecified vulnerability in Fortinet Fortiedr
An improper control of a resource through its lifetime vulnerability in Fortinet FortiEDR version 5.0.3 and earlier allows an attacker to make the whole application unresponsive by changing its root directory access permission.
local
low complexity
fortinet
4.4