Vulnerabilities > Fortinet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-06 | CVE-2021-32585 | Cross-site Scripting vulnerability in Fortinet Fortiwan 4.2.4 An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests. | 4.3 |
| 2022-04-06 | CVE-2021-41026 | Path Traversal vulnerability in Fortinet Fortiweb A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 4.0 |
| 2022-04-06 | CVE-2021-32593 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet Fortiwan 4.2.4 A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages. | 6.4 |
| 2022-04-06 | CVE-2021-43205 | Information Exposure vulnerability in Fortinet Forticlient An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries. | 5.0 |
| 2022-04-06 | CVE-2021-44169 | Improper Initialization vulnerability in Fortinet Forticlient A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory. | 4.6 |
| 2022-04-06 | CVE-2022-23440 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiedr A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment. | 4.6 |
| 2022-04-06 | CVE-2020-29013 | Improper Input Validation vulnerability in Fortinet Fortisandbox An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. | 5.5 |
| 2022-04-06 | CVE-2022-23441 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiedr A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors. | 6.4 |
| 2022-03-02 | CVE-2021-43070 | Path Traversal vulnerability in Fortinet Fortiwlm Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 4.0 |
| 2022-03-02 | CVE-2022-22301 | OS Command Injection vulnerability in Fortinet Fortiap-C An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. | 4.6 |