Vulnerabilities > Fortinet > Fortiproxy > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2021-43206 Information Exposure Through an Error Message vulnerability in Fortinet Fortios and Fortiproxy
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
network
low complexity
fortinet CWE-209
4.3
2022-02-24 CVE-2021-26092 Cross-site Scripting vulnerability in Fortinet Fortios and Fortiproxy
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.
network
low complexity
fortinet CWE-79
6.1
2021-12-08 CVE-2021-42757 Out-of-bounds Write vulnerability in Fortinet products
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
2021-06-03 CVE-2021-22130 Out-of-bounds Write vulnerability in Fortinet Fortiproxy
A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value.
network
low complexity
fortinet CWE-787
4.9
2021-04-12 CVE-2019-17656 Out-of-bounds Write vulnerability in Fortinet Fortios
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server.
network
low complexity
fortinet CWE-787
6.5
2021-03-04 CVE-2021-22128 Unspecified vulnerability in Fortinet Fortiproxy
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
network
low complexity
fortinet
4.3
2020-10-21 CVE-2020-6648 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios and Fortiproxy
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
network
low complexity
fortinet CWE-312
6.5
2019-06-04 CVE-2018-13380 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
network
low complexity
fortinet CWE-79
6.1
2019-05-29 CVE-2018-13383 Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
network
low complexity
fortinet CWE-787
6.5