Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-02 | CVE-2021-41016 | OS Command Injection vulnerability in Fortinet Fortiextender Firmware A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters | 8.8 |
| 2022-02-02 | CVE-2021-42753 | Path Traversal vulnerability in Fortinet Fortiweb An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. | 8.1 |
| 2022-02-02 | CVE-2021-43062 | Cross-site Scripting vulnerability in Fortinet Fortimail A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service. | 6.1 |
| 2022-02-02 | CVE-2021-43073 | OS Command Injection vulnerability in Fortinet Fortiweb A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
| 2022-01-05 | CVE-2020-15933 | Information Exposure vulnerability in Fortinet Fortimail A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection. | 5.3 |
| 2022-01-04 | CVE-2021-44168 | Download of Code Without Integrity Check vulnerability in Fortinet Fortios A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. | 7.8 |
| 2021-12-16 | CVE-2021-41028 | Improper Certificate Validation vulnerability in Fortinet products A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. | 7.5 |
| 2021-12-13 | CVE-2021-36169 | Unspecified vulnerability in Fortinet Fortios A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations. | 6.0 |
| 2021-12-09 | CVE-2021-36167 | Unspecified vulnerability in Fortinet Forticlient An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater. | 5.3 |
| 2021-12-09 | CVE-2021-42759 | OS Command Injection vulnerability in Fortinet Meru Firmware A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. | 6.7 |