Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-42788 | OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command | 6.7 |
| 2023-10-10 | CVE-2023-44249 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | 6.5 |
| 2023-09-13 | CVE-2021-44172 | Information Exposure vulnerability in Fortinet Forticlient Endpoint Management Server An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path. | 5.3 |
| 2023-09-13 | CVE-2022-35849 | OS Command Injection vulnerability in Fortinet Fortiadc An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 8.8 |
| 2023-09-13 | CVE-2023-25608 | Unspecified vulnerability in Fortinet products An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments. | 6.5 |
| 2023-09-13 | CVE-2023-27998 | Improper Handling of Exceptional Conditions vulnerability in Fortinet Fortipresence A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths. | 5.3 |
| 2023-09-13 | CVE-2023-29183 | Cross-site Scripting vulnerability in Fortinet Fortios and Fortiproxy An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting. | 5.4 |
| 2023-09-13 | CVE-2023-34984 | Unspecified vulnerability in Fortinet Fortiweb A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | 8.8 |
| 2023-09-13 | CVE-2023-36551 | Unspecified vulnerability in Fortinet Fortisiem A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request. | 5.3 |
| 2023-09-13 | CVE-2023-36634 | Unspecified vulnerability in Fortinet Fortiap-U An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments. | 8.8 |