Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-36637 | Cross-site Scripting vulnerability in Fortinet Fortimail An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | 5.4 |
| 2023-10-10 | CVE-2023-37935 | Unspecified vulnerability in Fortinet Fortios A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | 7.5 |
| 2023-10-10 | CVE-2023-37939 | Unspecified vulnerability in Fortinet Forticlient An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | 3.3 |
| 2023-10-10 | CVE-2023-40718 | Interpretation Conflict vulnerability in Fortinet Fortios IPS Engine A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. | 7.5 |
| 2023-10-10 | CVE-2023-41675 | Use After Free vulnerability in Fortinet Fortios and Fortiproxy A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | 5.3 |
| 2023-10-10 | CVE-2023-41679 | Unspecified vulnerability in Fortinet Fortimanager An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs | 9.6 |
| 2023-10-10 | CVE-2023-41838 | OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli. | 7.1 |
| 2023-10-10 | CVE-2023-41841 | Unspecified vulnerability in Fortinet Fortios An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | 8.8 |
| 2023-10-10 | CVE-2023-42782 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortianalyzer A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number. | 5.3 |
| 2023-10-10 | CVE-2023-42787 | Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | 6.5 |