Vulnerabilities > Fortinet > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-19 | CVE-2022-27483 | OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands. | 7.2 |
| 2022-07-19 | CVE-2022-29060 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiddos A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device. | 8.1 |
| 2022-07-19 | CVE-2022-30302 | Path Traversal vulnerability in Fortinet Fortideceptor Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests. | 8.1 |
| 2022-07-18 | CVE-2021-41031 | Path Traversal vulnerability in Fortinet Forticlient A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service. | 7.8 |
| 2022-07-18 | CVE-2022-26117 | Weak Password Requirements vulnerability in Fortinet Fortinac An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. | 8.8 |
| 2022-07-18 | CVE-2022-26120 | SQL Injection vulnerability in Fortinet Fortiadc Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |
| 2022-05-11 | CVE-2021-43066 | Exposure of Resource to Wrong Sphere vulnerability in Fortinet Forticlient A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. | 7.8 |
| 2022-05-11 | CVE-2021-44167 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Forticlient An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. | 7.5 |
| 2022-05-11 | CVE-2022-26116 | SQL Injection vulnerability in Fortinet Fortinac Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. | 8.8 |
| 2022-05-04 | CVE-2021-41020 | Unspecified vulnerability in Fortinet Fortiisolator 2.3.0/2.3.1/2.3.2 An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. | 8.8 |