Vulnerabilities > Fortinet > Fortios > Low

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2022-22302 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortiauthenticator and Fortios
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.
local
low complexity
fortinet CWE-312
3.3
2023-06-13 CVE-2022-42474 Path Traversal vulnerability in Fortinet Fortiproxy and Fortiswitchmanager
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.
network
low complexity
fortinet CWE-22
2.7
2023-02-16 CVE-2022-29054 Unspecified vulnerability in Fortinet Fortios and Fortiproxy
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.
local
low complexity
fortinet
3.3
2022-05-24 CVE-2022-22306 Improper Certificate Validation vulnerability in Fortinet Fortios
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
2.9
2021-11-17 CVE-2021-32600 Unspecified vulnerability in Fortinet Fortios
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list.
local
low complexity
fortinet
2.1
2020-01-23 CVE-2019-5593 Incorrect Default Permissions vulnerability in Fortinet Fortios
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.
local
low complexity
fortinet CWE-276
2.1
2019-10-24 CVE-2019-15703 Insufficient Entropy vulnerability in Fortinet Fortios
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.
network
high complexity
fortinet CWE-331
2.6
2017-11-29 CVE-2017-14186 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter.
network
fortinet CWE-79
3.5
2017-09-12 CVE-2017-3131 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
network
fortinet CWE-79
3.5
2017-09-12 CVE-2017-7734 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
network
fortinet CWE-79
3.5