Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-52967 Cross-site Scripting vulnerability in Fortinet Fortiportal
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection.
network
low complexity
fortinet CWE-79
4.8
2025-01-14 CVE-2024-52969 SQL Injection vulnerability in Fortinet Fortisiem
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests.
network
low complexity
fortinet CWE-89
6.5
2025-01-14 CVE-2024-54021 Interpretation Conflict vulnerability in Fortinet Fortios and Fortiproxy
An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header.
network
low complexity
fortinet CWE-436
critical
9.8
2025-01-14 CVE-2024-55591 Unspecified vulnerability in Fortinet Fortios and Fortiproxy
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
network
low complexity
fortinet
critical
9.8
2025-01-14 CVE-2024-55593 SQL Injection vulnerability in Fortinet Fortiweb
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries
network
low complexity
fortinet CWE-89
2.7
2025-01-14 CVE-2024-56497 OS Command Injection vulnerability in Fortinet Fortimail and Fortirecorder
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI.
local
low complexity
fortinet CWE-78
6.7
2024-12-19 CVE-2021-26102 Path Traversal vulnerability in Fortinet Fortiwan
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request.
network
low complexity
fortinet CWE-22
critical
9.1
2024-12-19 CVE-2021-32589 Unspecified vulnerability in Fortinet Fortianalyzer, Fortimanager and Fortiportal
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
network
low complexity
fortinet
critical
9.8
2024-12-19 CVE-2020-12820 Out-of-bounds Write vulnerability in Fortinet Fortios
Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name.
network
low complexity
fortinet CWE-787
8.8
2024-12-19 CVE-2020-15934 Improper Privilege Management vulnerability in Fortinet Forticlient
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0.
local
low complexity
fortinet CWE-269
7.8