Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2023-03-07 CVE-2023-25611 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortianalyzer
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.
local
low complexity
fortinet CWE-1236
7.3
2023-02-27 CVE-2023-22636 Unspecified vulnerability in Fortinet Fortiweb
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.
local
low complexity
fortinet
3.3
2023-02-16 CVE-2021-42756 Out-of-bounds Write vulnerability in Fortinet Fortiweb
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-787
critical
9.8
2023-02-16 CVE-2021-42761 Session Fixation vulnerability in Fortinet Fortiweb
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.
network
low complexity
fortinet CWE-384
critical
9.8
2023-02-16 CVE-2021-43074 Improper Verification of Cryptographic Signature vulnerability in Fortinet products
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
network
low complexity
fortinet CWE-347
4.3
2023-02-16 CVE-2022-26115 Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortisandbox
A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.
network
low complexity
fortinet CWE-916
7.5
2023-02-16 CVE-2022-27482 OS Command Injection vulnerability in Fortinet Fortiadc
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands.
local
low complexity
fortinet CWE-78
7.8
2023-02-16 CVE-2022-27489 OS Command Injection vulnerability in Fortinet Fortiextender Firmware
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
network
low complexity
fortinet CWE-78
7.2
2023-02-16 CVE-2022-29054 Unspecified vulnerability in Fortinet Fortios and Fortiproxy
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.
local
low complexity
fortinet
3.3
2023-02-16 CVE-2022-30299 Path Traversal vulnerability in Fortinet Fortiweb
A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests.
network
low complexity
fortinet CWE-22
4.3