Vulnerabilities > Fortinet > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-45582 Unspecified vulnerability in Fortinet Fortimail
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to  perform a brute force attack on the affected endpoints via repeated login attempts.
network
low complexity
fortinet
7.3
7.3
2023-10-13 CVE-2023-33303 Insufficient Session Expiration vulnerability in Fortinet Fortiedr 5.0.0/5.0.1
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request
network
high complexity
fortinet CWE-613
8.1
8.1
2023-10-13 CVE-2023-41682 Path Traversal vulnerability in Fortinet Fortisandbox
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests.
network
low complexity
fortinet CWE-22
7.5
7.5
2023-10-10 CVE-2022-22298 OS Command Injection vulnerability in Fortinet Fortiisolator
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.
local
low complexity
fortinet CWE-78
7.8
7.8
2023-10-10 CVE-2023-25607 OS Command Injection vulnerability in Fortinet Fortiadc, Fortianalyzer and Fortimanager
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC  7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function.
local
low complexity
fortinet CWE-78
7.8
7.8
2023-10-10 CVE-2023-34985 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
network
low complexity
fortinet CWE-78
8.8
8.8
2023-10-10 CVE-2023-34986 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
network
low complexity
fortinet CWE-78
8.8
8.8
2023-10-10 CVE-2023-34987 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
network
low complexity
fortinet CWE-78
8.8
8.8
2023-10-10 CVE-2023-34988 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
network
low complexity
fortinet CWE-78
8.8
8.8
2023-10-10 CVE-2023-34989 OS Command Injection vulnerability in Fortinet Fortiwlm
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
network
low complexity
fortinet CWE-78
8.8
8.8