Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-09 | CVE-2021-36189 | Missing Encryption of Sensitive Data vulnerability in Fortinet Forticlient Enterprise Management Server A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data | 4.0 |
| 2021-12-09 | CVE-2021-36194 | Out-of-bounds Write vulnerability in Fortinet Fortiweb Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. | 6.5 |
| 2021-12-09 | CVE-2021-43204 | Unspecified vulnerability in Fortinet Forticlient A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions. | 4.9 |
| 2021-12-08 | CVE-2021-36173 | Out-of-bounds Write vulnerability in Fortinet Fortios A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images. | 6.8 |
| 2021-12-08 | CVE-2021-36195 | OS Command Injection vulnerability in Fortinet Fortiweb Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments. | 9.0 |
| 2021-12-08 | CVE-2021-41017 | Out-of-bounds Write vulnerability in Fortinet Fortiweb Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. | 6.5 |
| 2021-12-08 | CVE-2021-41025 | Race Condition vulnerability in Fortinet Fortiweb Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer. | 7.5 |
| 2021-12-08 | CVE-2021-41021 | Unspecified vulnerability in Fortinet Fortinac A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. | 7.2 |
| 2021-12-08 | CVE-2021-41030 | Authentication Bypass by Capture-replay vulnerability in Fortinet Forticlient Enterprise Management Server An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. | 6.4 |
| 2021-12-08 | CVE-2021-36188 | Cross-site Scripting vulnerability in Fortinet Fortiweb A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers | 4.3 |