Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-02 | CVE-2021-43073 | OS Command Injection vulnerability in Fortinet Fortiweb A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.5 |
| 2022-01-05 | CVE-2020-15933 | Information Exposure vulnerability in Fortinet Fortimail A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection. | 5.0 |
| 2022-01-04 | CVE-2021-44168 | Download of Code Without Integrity Check vulnerability in Fortinet Fortios A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. | 4.6 |
| 2021-12-16 | CVE-2021-41028 | Improper Certificate Validation vulnerability in Fortinet Forticlient A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. | 5.4 |
| 2021-12-13 | CVE-2021-36169 | Unspecified vulnerability in Fortinet Fortios A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations. | 6.6 |
| 2021-12-09 | CVE-2021-36167 | Unspecified vulnerability in Fortinet Forticlient An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater. | 5.0 |
| 2021-12-09 | CVE-2021-42759 | OS Command Injection vulnerability in Fortinet Meru Firmware A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. | 7.2 |
| 2021-12-09 | CVE-2021-43065 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortinac A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. | 7.2 |
| 2021-12-09 | CVE-2021-43068 | Improper Authentication vulnerability in Fortinet Fortiauthenticator 6.4.0 A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal. | 5.5 |
| 2021-12-09 | CVE-2021-43071 | Out-of-bounds Write vulnerability in Fortinet Fortiweb A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. | 6.5 |