Vulnerabilities > Fortinet > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-23777 OS Command Injection vulnerability in Fortinet Fortiweb
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.
network
low complexity
fortinet CWE-78
7.2
2023-06-13 CVE-2022-39946 Unspecified vulnerability in Fortinet Fortinac
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.
network
low complexity
fortinet
7.2
2023-06-13 CVE-2022-42478 Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortisiem
An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.
network
low complexity
fortinet CWE-307
8.8
2023-06-13 CVE-2022-43949 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet Fortisiem
A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.
network
low complexity
fortinet CWE-327
7.5
2023-06-13 CVE-2022-43953 Use of Externally-Controlled Format String vulnerability in Fortinet Fortios and Fortiproxy
A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands.
local
low complexity
fortinet CWE-134
7.8
2023-06-13 CVE-2023-22633 Unspecified vulnerability in Fortinet Fortinac and Fortinac-F
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.
network
low complexity
fortinet
7.5
2023-06-13 CVE-2023-22639 Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.
local
low complexity
fortinet CWE-787
7.8
2023-06-13 CVE-2023-26210 OS Command Injection vulnerability in Fortinet Fortiadc
Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.
local
low complexity
fortinet CWE-78
7.8
2023-06-13 CVE-2023-28000 OS Command Injection vulnerability in Fortinet Fortiadc
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command.
local
low complexity
fortinet CWE-78
7.8
2023-05-03 CVE-2022-45858 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet Fortinac
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.
network
high complexity
fortinet CWE-327
7.4