Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2023-03-09 CVE-2022-29056 Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortimail
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
network
low complexity
fortinet CWE-307
5.3
2023-03-09 CVE-2023-26208 Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortiauthenticator
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
network
low complexity
fortinet CWE-307
5.3
2023-03-09 CVE-2023-26209 Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
network
low complexity
fortinet CWE-307
5.3
2023-03-07 CVE-2022-22297 Unspecified vulnerability in Fortinet Fortirecorder Firmware and Fortiweb
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.
local
low complexity
fortinet
5.5
2023-03-07 CVE-2022-27490 Information Exposure vulnerability in Fortinet products
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.
network
low complexity
fortinet CWE-200
6.5
2023-03-07 CVE-2022-39951 OS Command Injection vulnerability in Fortinet Fortiweb
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-78
8.8
2023-03-07 CVE-2022-39953 Improper Privilege Management vulnerability in Fortinet Fortinac
A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.
local
low complexity
fortinet CWE-269
7.8
2023-03-07 CVE-2022-40676 Cross-site Scripting vulnerability in Fortinet Fortinac
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.
network
low complexity
fortinet CWE-79
5.4
2023-03-07 CVE-2022-41328 Path Traversal vulnerability in Fortinet Fortios
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
local
low complexity
fortinet CWE-22
7.1
2023-03-07 CVE-2022-41329 Information Exposure vulnerability in Fortinet Fortios and Fortiproxy
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests.
network
low complexity
fortinet CWE-200
5.3