Vulnerabilities > Fortinet > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-06 | CVE-2021-26114 | SQL Injection vulnerability in Fortinet Fortiwan 4.2.4 Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 7.5 |
2022-03-01 | CVE-2021-32586 | Improper Input Validation vulnerability in Fortinet Fortimail An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. | 7.5 |
2022-03-01 | CVE-2022-22300 | Improper Handling of Exceptional Conditions vulnerability in Fortinet Fortianalyzer and Fortimanager A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. | 8.8 |
2022-03-01 | CVE-2021-36166 | Use of Insufficiently Random Values vulnerability in Fortinet Fortimail An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. | 7.5 |
2022-02-02 | CVE-2021-42753 | Path Traversal vulnerability in Fortinet Fortiweb An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. | 8.5 |
2021-12-09 | CVE-2021-42759 | OS Command Injection vulnerability in Fortinet Meru Firmware A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. | 7.2 |
2021-12-09 | CVE-2021-43065 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortinac A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. | 7.2 |
2021-12-08 | CVE-2021-41025 | Race Condition vulnerability in Fortinet Fortiweb Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer. | 7.5 |
2021-12-08 | CVE-2021-41021 | Unspecified vulnerability in Fortinet Fortinac A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. | 7.2 |
2021-12-08 | CVE-2021-26109 | Integer Overflow or Wraparound vulnerability in Fortinet Fortios An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution. | 7.5 |