Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-06 | CVE-2021-44169 | Improper Initialization vulnerability in Fortinet Forticlient A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory. | 8.8 |
| 2022-04-06 | CVE-2022-23440 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiedr A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment. | 7.8 |
| 2022-04-06 | CVE-2020-29013 | Improper Input Validation vulnerability in Fortinet Fortisandbox An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. | 5.4 |
| 2022-04-06 | CVE-2022-23441 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiedr A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors. | 9.1 |
| 2022-04-06 | CVE-2022-23446 | Unspecified vulnerability in Fortinet Fortiedr A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission. | 4.4 |
| 2022-03-02 | CVE-2021-43070 | Path Traversal vulnerability in Fortinet Fortiwlm Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 6.5 |
| 2022-03-02 | CVE-2021-44166 | Unspecified vulnerability in Fortinet Fortitoken Mobile An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. | 4.1 |
| 2022-03-02 | CVE-2022-22301 | OS Command Injection vulnerability in Fortinet Fortiap-C An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. | 7.8 |
| 2022-03-02 | CVE-2022-22303 | Information Exposure vulnerability in Fortinet Fortimanager An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. | 5.5 |
| 2022-03-01 | CVE-2020-15936 | Improper Input Validation vulnerability in Fortinet Fortios A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. | 4.5 |