Vulnerabilities > Fortinet > Fortios > 6.0.14

DATE CVE VULNERABILITY TITLE RISK
2022-07-18 CVE-2021-42755 Integer Overflow or Wraparound vulnerability in Fortinet products
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.
low complexity
fortinet CWE-190
4.3
2022-07-18 CVE-2021-44170 Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
2022-05-24 CVE-2022-22306 Improper Certificate Validation vulnerability in Fortinet Fortios
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
high complexity
fortinet CWE-295
5.3
2022-05-11 CVE-2021-43081 Cross-site Scripting vulnerability in Fortinet Fortios and Fortiproxy
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0.
network
low complexity
fortinet CWE-79
6.1
2021-12-13 CVE-2021-36169 Unspecified vulnerability in Fortinet Fortios
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations.
local
low complexity
fortinet
6.0
2021-08-04 CVE-2021-24018 Out-of-bounds Write vulnerability in Fortinet Fortios
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
low complexity
fortinet CWE-787
8.8
2021-03-04 CVE-2020-15938 Unspecified vulnerability in Fortinet Fortios
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.
network
low complexity
fortinet
7.5
2020-09-24 CVE-2020-12818 Unspecified vulnerability in Fortinet Fortios
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.
network
low complexity
fortinet
5.3
2020-08-14 CVE-2019-5591 Missing Authentication for Critical Function vulnerability in Fortinet Fortios
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
low complexity
fortinet CWE-306
6.5
2020-06-16 CVE-2019-17655 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.
network
low complexity
fortinet CWE-312
7.5