Vulnerabilities > Fortinet > Fortios > 6.0.15

DATE CVE VULNERABILITY TITLE RISK
2022-12-06 CVE-2022-35843 Improper Authentication vulnerability in Fortinet Fortios and Fortiproxy
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.
network
low complexity
fortinet CWE-287
critical
 9.8
9.8
2022-12-06 CVE-2022-40680 Cross-site Scripting vulnerability in Fortinet Fortios
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.
network
low complexity
fortinet CWE-79
5.4
5.4
2021-08-04 CVE-2021-24018 Out-of-bounds Write vulnerability in Fortinet Fortios
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
low complexity
fortinet CWE-787
8.8
8.8