Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-45585 Unspecified vulnerability in Fortinet Fortisiem
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.
local
low complexity
fortinet
3.3
2023-10-20 CVE-2023-44256 Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
network
low complexity
fortinet CWE-918
6.5
2023-10-13 CVE-2023-33303 Insufficient Session Expiration vulnerability in Fortinet Fortiedr 5.0.0/5.0.1
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request
network
high complexity
fortinet CWE-613
8.1
2023-10-13 CVE-2023-41680 Cross-site Scripting vulnerability in Fortinet Fortisandbox
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
network
low complexity
fortinet CWE-79
6.1
2023-10-13 CVE-2023-41681 Cross-site Scripting vulnerability in Fortinet Fortisandbox
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
network
low complexity
fortinet CWE-79
6.1
2023-10-13 CVE-2023-41682 Path Traversal vulnerability in Fortinet Fortisandbox
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests.
network
low complexity
fortinet CWE-22
7.5
2023-10-13 CVE-2023-41836 Cross-site Scripting vulnerability in Fortinet Fortisandbox
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
network
low complexity
fortinet CWE-79
6.1
2023-10-13 CVE-2023-41843 Cross-site Scripting vulnerability in Fortinet Fortisandbox
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
network
low complexity
fortinet CWE-79
5.4
2023-10-10 CVE-2022-22298 OS Command Injection vulnerability in Fortinet Fortiisolator
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.
local
low complexity
fortinet CWE-78
7.8
2023-10-10 CVE-2023-25604 Information Exposure Through Log Files vulnerability in Fortinet Fortiguest 1.0.0
An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.
local
low complexity
fortinet CWE-532
5.5