Fortinet vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-07-06 | CVE-2021-24005 | Use of Hard-coded Credentials vulnerability in Fortinet FortiAuthenticator | Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. | network | low | fortinet | CWE-798 | 7.5 |
| 2021-06-03 | CVE-2021-24023 | OS Command Injection vulnerability in Fortinet FortiAI Firmware | An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command. | network | low | fortinet | CWE-78 | 8.8 |
| 2021-06-03 | CVE-2021-22130 | Out-of-bounds Write vulnerability in Fortinet FortiProxy | A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` command with a large cpuset mask value. | network | low | fortinet | CWE-787 | 4.9 |
| 2021-06-02 | CVE-2021-24012 | Improper Certificate Validation vulnerability in Fortinet FortiOS | An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority. | network | low | fortinet | CWE-295 | 7.3 |
| 2021-06-02 | CVE-2020-6641 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet FortiPresence | Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. | network | low | fortinet | CWE-639 | 4.3 |
| 2021-06-01 | CVE-2021-22123 | OS Command Injection vulnerability in Fortinet FortiWeb | An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. | network | low | fortinet | CWE-78 | 8.8 |
| 2021-06-01 | CVE-2021-26111 | Memory Leak vulnerability in Fortinet FortiSwitch | A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device. | | low | fortinet | CWE-401 | 6.5 |
| 2021-05-10 | CVE-2021-24011 | Unspecified vulnerability in Fortinet FortiNAC | A privilege escalation vulnerability in FortiNAC versions below 8.8.2 may allow an admin user to escalate privileges to root by abusing the sudo privileges. | network | low | fortinet | | 7.2 |
| 2021-04-12 | CVE-2021-24024 | Information Exposure Through Log Files vulnerability in Fortinet FortiADC | A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' passwords in log files. | network | low | fortinet | CWE-532 | 6.5 |
| 2021-04-12 | CVE-2020-15942 | Insufficiently Protected Credentials vulnerability in Fortinet FortiWeb | An information disclosure vulnerability in the Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile. | network | low | fortinet | CWE-522 | 6.5 |