Vulnerabilities > Fortinet > High
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2023-03-07 | CVE-2022-39951 | OS Command Injection vulnerability in Fortinet FortiWeb | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |
| 2023-03-07 | CVE-2022-39953 | Improper Privilege Management vulnerability in Fortinet FortiNAC | An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands. | 7.8 |
| 2023-03-07 | CVE-2022-41328 | Path Traversal vulnerability in Fortinet FortiOS | An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. | 7.1 |
| 2023-03-07 | CVE-2022-41333 | Resource Exhaustion vulnerability in Fortinet FortiRecorder Firmware | An uncontrolled resource consumption vulnerability [CWE-400] in the login authentication mechanism of FortiRecorder version 6.4.3 and below, 6.0.11 and below may allow an unauthenticated attacker to make the device unavailable via crafted GET requests. | 7.5 |
| 2023-03-07 | CVE-2022-42476 | Path Traversal vulnerability in Fortinet FortiOS and FortiProxy | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. | 8.2 |
| 2023-03-07 | CVE-2023-25605 | Unspecified vulnerability in Fortinet FortiSOAR | An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | 7.2 |
| 2023-03-07 | CVE-2023-25611 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet FortiAnalyzer | An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands by inserting spreadsheet formulas in macro names. | 7.3 |
| 2023-02-16 | CVE-2022-26115 | Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet FortiSandbox | A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. | 7.5 |
| 2023-02-16 | CVE-2022-27482 | OS Command Injection vulnerability in Fortinet FortiADC | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows an attacker to execute arbitrary shell code as `root` via CLI commands. | 7.8 |
| 2023-02-16 | CVE-2022-27489 | OS Command Injection vulnerability in Fortinet FortiExtender Firmware | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | 7.2 |