Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2022-04-06 CVE-2021-24009 OS Command Injection vulnerability in Fortinet Fortiwan
Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-78
8.8
2022-04-06 CVE-2021-26112 Out-of-bounds Write vulnerability in Fortinet Fortiwan
Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests.
network
low complexity
fortinet CWE-787
critical
9.8
2022-04-06 CVE-2021-26114 SQL Injection vulnerability in Fortinet Fortiwan
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-89
critical
9.8
2022-04-06 CVE-2021-32593 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet Fortiwan
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages.
network
low complexity
fortinet CWE-327
6.5
2022-04-06 CVE-2021-43205 Information Exposure vulnerability in Fortinet Forticlient
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries.
network
low complexity
fortinet CWE-200
5.3
2022-04-06 CVE-2021-44169 Improper Initialization vulnerability in Fortinet Forticlient
A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.
local
low complexity
fortinet CWE-665
8.8
2022-04-06 CVE-2022-23440 Use of Hard-coded Credentials vulnerability in Fortinet Fortiedr
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment.
local
low complexity
fortinet CWE-798
7.8
2022-04-06 CVE-2020-29013 Improper Input Validation vulnerability in Fortinet Fortisandbox
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.
network
low complexity
fortinet CWE-20
5.4
2022-04-06 CVE-2022-23441 Use of Hard-coded Credentials vulnerability in Fortinet Fortiedr
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors.
network
low complexity
fortinet CWE-798
critical
9.1
2022-04-06 CVE-2022-23446 Unspecified vulnerability in Fortinet Fortiedr
A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.
local
low complexity
fortinet
4.4