Vulnerabilities > Fortinet > Low
|2023-03-07||CVE-2023-23776|| Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortianalyzer |
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer
| 3.1 |
|2023-02-27||CVE-2023-22636|| Unspecified vulnerability in Fortinet Fortiweb |
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.
| 3.3 |
|2023-02-16||CVE-2022-29054|| Unspecified vulnerability in Fortinet Fortios and Fortiproxy |
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.
| 3.3 |
|2022-11-25||CVE-2022-38377|| Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager |
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
| 2.7 |
|2022-05-24||CVE-2022-22306|| Improper Certificate Validation vulnerability in Fortinet Fortios |
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
| 2.9 |
|2022-04-06||CVE-2022-23446|| Unspecified vulnerability in Fortinet Fortiedr |
A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.
| 2.1 |
|2022-03-02||CVE-2021-44166|| Unspecified vulnerability in Fortinet Fortitoken Mobile |
An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.
| 3.5 |
|2022-03-02||CVE-2022-22303|| Information Exposure vulnerability in Fortinet Fortimanager |
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.
| 2.1 |
|2022-02-02||CVE-2021-36177|| Unspecified vulnerability in Fortinet Fortiauthenticator |
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.
| 3.3 |
|2021-12-08||CVE-2021-32591|| Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet products |
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.
| 2.6 |