Vulnerabilities > Fortinet > Fortios > 5.6.13

DATE CVE VULNERABILITY TITLE RISK
2022-01-04 CVE-2021-44168 Download of Code Without Integrity Check vulnerability in Fortinet Fortios
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
local
low complexity
fortinet CWE-494
7.8
2021-12-13 CVE-2021-36169 Unspecified vulnerability in Fortinet Fortios
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations.
local
low complexity
fortinet
6.0
2021-12-08 CVE-2021-26108 Use of Hard-coded Credentials vulnerability in Fortinet Fortios
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.
network
low complexity
fortinet CWE-798
7.5
2021-12-08 CVE-2021-26103 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortios and Fortiproxy
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack .
network
low complexity
fortinet CWE-345
8.8
2021-12-08 CVE-2021-26110 Unspecified vulnerability in Fortinet Fortios and Fortiproxy
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.
local
low complexity
fortinet
7.8
2021-12-08 CVE-2021-42757 Out-of-bounds Write vulnerability in Fortinet products
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
2021-08-04 CVE-2021-24018 Out-of-bounds Write vulnerability in Fortinet Fortios
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
low complexity
fortinet CWE-787
8.8
2021-04-12 CVE-2019-17656 Out-of-bounds Write vulnerability in Fortinet Fortios
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server.
network
low complexity
fortinet CWE-787
6.5
2021-03-04 CVE-2020-15938 Unspecified vulnerability in Fortinet Fortios
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.
network
low complexity
fortinet
7.5
2020-10-21 CVE-2020-6648 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios and Fortiproxy
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
network
low complexity
fortinet CWE-312
6.5