Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2022-12-06 CVE-2022-40680 Cross-site Scripting vulnerability in Fortinet Fortios
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.
network
low complexity
fortinet CWE-79
5.4
2022-11-25 CVE-2022-38377 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
network
low complexity
fortinet
2.7
2022-11-02 CVE-2022-26119 Use of Hard-coded Credentials vulnerability in Fortinet Fortisiem
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password.
local
low complexity
fortinet CWE-798
7.8
2022-11-02 CVE-2022-26122 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimail and Fortios
An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.
network
low complexity
fortinet CWE-345
8.6
2022-11-02 CVE-2022-30307 Unspecified vulnerability in Fortinet Fortios
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack.
network
high complexity
fortinet
8.1
2022-11-02 CVE-2022-33870 OS Command Injection vulnerability in Fortinet Fortitester
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
local
low complexity
fortinet CWE-78
7.8
2022-11-02 CVE-2022-33878 Information Exposure vulnerability in Fortinet Forticlient
An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal.
local
low complexity
fortinet CWE-200
5.5
2022-11-02 CVE-2022-35842 Information Exposure vulnerability in Fortinet Fortios
An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.
network
low complexity
fortinet CWE-200
7.5
2022-11-02 CVE-2022-35851 Cross-site Scripting vulnerability in Fortinet Fortiadc 7.1.0
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address.
network
low complexity
fortinet CWE-79
5.4
2022-11-02 CVE-2022-38372 Unspecified vulnerability in Fortinet Fortitester
A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.
local
low complexity
fortinet
6.7