Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2022-09-06 CVE-2022-29058 SQL Injection vulnerability in Fortinet products
An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
local
low complexity
fortinet CWE-89
7.8
2022-09-06 CVE-2022-29062 Path Traversal vulnerability in Fortinet Fortisoar
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.
network
low complexity
fortinet CWE-22
6.5
2022-09-06 CVE-2022-30298 Improper Privilege Management vulnerability in Fortinet Fortisoar
An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.
local
low complexity
fortinet CWE-269
7.8
2022-09-06 CVE-2022-35847 Code Injection vulnerability in Fortinet Fortisoar
An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.
network
low complexity
fortinet CWE-94
8.8
2022-09-06 CVE-2021-43076 Improper Privilege Management vulnerability in Fortinet Fortiadc
An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access.
network
low complexity
fortinet CWE-269
6.5
2022-09-06 CVE-2021-43080 Cross-site Scripting vulnerability in Fortinet Fortios
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.
network
low complexity
fortinet CWE-79
5.4
2022-09-06 CVE-2022-26114 Cross-site Scripting vulnerability in Fortinet Fortimail
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.
network
low complexity
fortinet CWE-79
6.1
2022-08-05 CVE-2022-22299 Use of Externally-Controlled Format String vulnerability in Fortinet products
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
local
low complexity
fortinet CWE-134
7.8
2022-08-03 CVE-2022-23442 Unspecified vulnerability in Fortinet Fortios
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.
network
low complexity
fortinet
4.3
2022-08-03 CVE-2022-27484 Improper Authentication vulnerability in Fortinet Fortiadc
A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.
network
low complexity
fortinet CWE-287
4.3