Vulnerabilities > Fortinet > Fortios > 6.4.8

DATE CVE VULNERABILITY TITLE RISK
2022-07-18 CVE-2021-44170 Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
2022-05-24 CVE-2022-22306 Improper Certificate Validation vulnerability in Fortinet Fortios
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
high complexity
fortinet CWE-295
5.3
2022-05-11 CVE-2021-43081 Cross-site Scripting vulnerability in Fortinet Fortios and Fortiproxy
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0.
network
low complexity
fortinet CWE-79
6.1
2022-05-04 CVE-2021-41032 Unspecified vulnerability in Fortinet Fortios
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
network
low complexity
fortinet
5.4
2022-01-04 CVE-2021-44168 Download of Code Without Integrity Check vulnerability in Fortinet Fortios
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
local
low complexity
fortinet CWE-494
7.8