Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2023-09-13 CVE-2023-27998 Improper Handling of Exceptional Conditions vulnerability in Fortinet FortiPresence
A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information by navigating to specific HTTP(S) paths.
network
low complexity
fortinet CWE-755
5.3
2023-09-13 CVE-2023-29183 Cross-site Scripting vulnerability in Fortinet FortiOS and FortiProxy
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in the GUI of FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 may allow an authenticated attacker to trigger malicious JavaScript code execution via a crafted guest management setting.
network
low complexity
fortinet CWE-79
5.4
2023-09-13 CVE-2023-34984 Unspecified vulnerability in Fortinet FortiWeb
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
network
low complexity
fortinet
8.8
2023-09-13 CVE-2023-36551 Unspecified vulnerability in Fortinet FortiSIEM
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM versions 6.7.0 through 6.7.5 allows an attacker to disclose information via a crafted HTTP request.
network
low complexity
fortinet
5.3
2023-09-13 CVE-2023-36634 Unspecified vulnerability in Fortinet FortiAP-U
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directories via specially crafted command arguments.
network
low complexity
fortinet
8.8
2023-09-13 CVE-2023-36638 Unspecified vulnerability in Fortinet FortiAnalyzer and FortiManager
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.
network
low complexity
fortinet
4.3
2023-09-13 CVE-2023-36642 OS Command Injection vulnerability in Fortinet FortiTester
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
local
low complexity
fortinet CWE-78
7.8
2023-09-13 CVE-2023-40715 Cleartext Storage of Sensitive Information vulnerability in Fortinet FortiTester
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.
local
low complexity
fortinet CWE-312
5.5
2023-09-13 CVE-2023-40717 Use of Hard-coded Credentials vulnerability in Fortinet FortiTester
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.
local
low complexity
fortinet CWE-798
7.8
2023-09-07 CVE-2023-36635 Unspecified vulnerability in Fortinet FortiSwitchManager
An improper access control in Fortinet FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.
network
low complexity
fortinet
4.3