Vulnerabilities > Fortinet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-21753 | Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests | 6.0 |
| 2024-09-10 | CVE-2024-31490 | Unspecified vulnerability in Fortinet Fortisandbox An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests. | 6.5 |
| 2024-09-10 | CVE-2024-35282 | Cleartext Storage of Sensitive Information vulnerability in Fortinet Forticlient A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump. | 4.6 |
| 2024-08-13 | CVE-2024-36505 | Unspecified vulnerability in Fortinet Fortios An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system. | 5.5 |
| 2024-07-09 | CVE-2023-50179 | Unspecified vulnerability in Fortinet Fortiadc An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. | 5.9 |
| 2024-07-09 | CVE-2023-50181 | Unspecified vulnerability in Fortinet Fortiadc An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. | 6.5 |
| 2024-07-09 | CVE-2024-21759 | Unspecified vulnerability in Fortinet Fortiportal An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | 4.3 |
| 2024-07-09 | CVE-2024-26015 | Incorrect Type Conversion or Cast vulnerability in Fortinet Fortios and Fortiproxy An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. | 4.7 |
| 2024-07-09 | CVE-2024-27784 | Unspecified vulnerability in Fortinet Fortiaiops 2.0.0 Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. | 6.5 |
| 2024-07-09 | CVE-2024-27785 | Unspecified vulnerability in Fortinet Fortiaiops 2.0.0 An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports. | 6.5 |