Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-04 CVE-2021-36168 Path Traversal vulnerability in Fortinet Fortiportal
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values.
network
low complexity
fortinet CWE-22
6.5
2021-07-20 CVE-2021-24022 Classic Buffer Overflow vulnerability in Fortinet Fortianalyzer and Fortimanager
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
local
low complexity
fortinet CWE-120
4.4
2021-07-12 CVE-2021-24013 Path Traversal vulnerability in Fortinet Fortimail
Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.
network
low complexity
fortinet CWE-22
6.5
2021-07-12 CVE-2021-26099 Unspecified vulnerability in Fortinet Fortimail
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
network
low complexity
fortinet
4.9
2021-07-09 CVE-2020-29014 Race Condition vulnerability in Fortinet Fortisandbox
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.
network
high complexity
fortinet CWE-362
5.3
2021-06-03 CVE-2021-22130 Out-of-bounds Write vulnerability in Fortinet Fortiproxy
A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value.
network
low complexity
fortinet CWE-787
4.9
2021-06-02 CVE-2020-6641 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortipresence
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.
network
low complexity
fortinet CWE-639
4.3
2021-06-01 CVE-2021-26111 Memory Leak vulnerability in Fortinet Fortiswitch
A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.
low complexity
fortinet CWE-401
6.5
2021-04-12 CVE-2021-24024 Information Exposure Through Log Files vulnerability in Fortinet Fortiadc
A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.
network
low complexity
fortinet CWE-532
6.5
2021-04-12 CVE-2020-15942 Insufficiently Protected Credentials vulnerability in Fortinet Fortiweb
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
network
low complexity
fortinet CWE-522
6.5