Vulnerabilities > Fortinet
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-03 | CVE-2022-43950 | Open Redirect vulnerability in Fortinet Fortinac and Fortinac-F A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. | 4.7 |
2023-05-03 | CVE-2022-45858 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet Fortinac A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. | 7.4 |
2023-05-03 | CVE-2022-45859 | Insufficiently Protected Credentials vulnerability in Fortinet Fortinac and Fortinac-F An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. | 4.4 |
2023-05-03 | CVE-2022-45860 | Improper Authentication vulnerability in Fortinet Fortinac and Fortinac-F A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. | 7.5 |
2023-05-03 | CVE-2023-22637 | Cross-site Scripting vulnerability in Fortinet Fortinac and Fortinac-F An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. | 9.0 |
2023-05-03 | CVE-2023-22640 | Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. | 8.8 |
2023-05-03 | CVE-2023-26203 | Use of Hard-coded Credentials vulnerability in Fortinet Fortinac and Fortinac-F A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. | 7.8 |
2023-05-03 | CVE-2023-27993 | Path Traversal vulnerability in Fortinet Fortiadc A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. | 7.1 |
2023-05-03 | CVE-2023-27999 | OS Command Injection vulnerability in Fortinet Fortiadc 7.1.0/7.1.1/7.2.0 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 7.8 |
2023-04-11 | CVE-2022-27485 | SQL Injection vulnerability in Fortinet Fortisandbox A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. | 6.5 |