Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2022-11-02 CVE-2022-38373 Cross-site Scripting vulnerability in Fortinet Fortideceptor
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.
network
low complexity
fortinet CWE-79
5.4
2022-11-02 CVE-2022-38374 Cross-site Scripting vulnerability in Fortinet Fortiadc
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.
network
low complexity
fortinet CWE-79
6.1
2022-11-02 CVE-2022-38380 Unspecified vulnerability in Fortinet Fortios
An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.
network
low complexity
fortinet
4.3
2022-11-02 CVE-2022-38381 Unspecified vulnerability in Fortinet Fortiadc
An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2.
network
low complexity
fortinet
critical
9.8
2022-11-02 CVE-2022-39945 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortimail
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR).
network
low complexity
fortinet CWE-639
6.5
2022-11-02 CVE-2022-39949 Unspecified vulnerability in Fortinet Fortiedr
An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection.
local
low complexity
fortinet
5.5
2022-11-02 CVE-2022-39950 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4.
network
low complexity
fortinet CWE-79
5.4
2022-11-02 CVE-2022-42473 Missing Authentication for Critical Function vulnerability in Fortinet Fortisoar
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.
local
low complexity
fortinet CWE-306
5.5
2022-10-18 CVE-2022-29055 Access of Uninitialized Pointer vulnerability in Fortinet Fortios and Fortiproxy
A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
network
low complexity
fortinet CWE-824
7.5
2022-10-18 CVE-2022-33872 OS Command Injection vulnerability in Fortinet Fortitester
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.
network
low complexity
fortinet CWE-78
critical
9.8