Vulnerabilities > Fortinet > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2023-50176 Session Fixation vulnerability in Fortinet Fortios
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.
network
low complexity
fortinet CWE-384
8.8
2024-11-12 CVE-2024-36507 Untrusted Search Path vulnerability in Fortinet Forticlient
A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.
local
low complexity
fortinet CWE-426
7.8
2024-11-12 CVE-2024-36513 Privilege Context Switching Error vulnerability in Fortinet Forticlient
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.
local
low complexity
fortinet CWE-270
8.8
2024-10-08 CVE-2024-45330 Unspecified vulnerability in Fortinet Fortianalyzer and Fortianalyzer Cloud
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
network
low complexity
fortinet
7.2
2024-09-10 CVE-2024-31489 Improper Certificate Validation vulnerability in Fortinet Forticlient
AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation
network
high complexity
fortinet CWE-295
8.1
2024-09-10 CVE-2024-33508 Command Injection vulnerability in Fortinet Forticlient Enterprise Management Server
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.
network
low complexity
fortinet CWE-77
7.3
2024-08-13 CVE-2022-27486 OS Command Injection vulnerability in Fortinet Fortiddos and Fortiddos-F
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands.
local
low complexity
fortinet CWE-78
7.8
2024-08-13 CVE-2022-45862 Insufficient Session Expiration vulnerability in Fortinet products
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.
network
low complexity
fortinet CWE-613
8.8
2024-08-13 CVE-2024-21757 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
local
low complexity
fortinet
7.8
2024-07-09 CVE-2023-50178 Unspecified vulnerability in Fortinet Fortiadc
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.
network
high complexity
fortinet
7.4