Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-36548 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
9.8
2023-10-10 CVE-2023-36549 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
9.8
2023-10-10 CVE-2023-36550 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
network
low complexity
fortinet CWE-78
critical
9.8
2023-10-10 CVE-2023-36555 Cross-site Scripting vulnerability in Fortinet Fortios
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.
network
low complexity
fortinet CWE-79
5.4
2023-10-10 CVE-2023-36556 Incorrect Authorization vulnerability in Fortinet Fortimail
An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-863
8.8
2023-10-10 CVE-2023-36637 Cross-site Scripting vulnerability in Fortinet Fortimail
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.
network
low complexity
fortinet CWE-79
5.4
2023-10-10 CVE-2023-37935 Unspecified vulnerability in Fortinet Fortios
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.
network
low complexity
fortinet
7.5
2023-10-10 CVE-2023-37939 Unspecified vulnerability in Fortinet Forticlient
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
local
low complexity
fortinet
3.3
2023-10-10 CVE-2023-40718 Interpretation Conflict vulnerability in Fortinet Fortios IPS Engine
A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets.
network
low complexity
fortinet CWE-436
7.5
2023-10-10 CVE-2023-41675 Use After Free vulnerability in Fortinet Fortios and Fortiproxy
A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
network
low complexity
fortinet CWE-416
5.3