Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-16 CVE-2023-33306 NULL Pointer Dereference vulnerability in Fortinet Fortios and Fortiproxy
A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.
network
low complexity
fortinet CWE-476
6.5
2023-06-16 CVE-2023-33307 NULL Pointer Dereference vulnerability in Fortinet Fortios and Fortiproxy
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.
network
low complexity
fortinet CWE-476
6.5
2023-06-13 CVE-2022-33877 Incorrect Default Permissions vulnerability in Fortinet Forticlient and Forticonverter
An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.
local
low complexity
fortinet CWE-276
5.5
2023-06-13 CVE-2022-41327 Cleartext Transmission of Sensitive Information vulnerability in Fortinet Fortios and Fortiproxy
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.
local
low complexity
fortinet CWE-319
4.4
2023-06-13 CVE-2023-25609 Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager
A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.
network
low complexity
fortinet CWE-918
6.5
2023-06-13 CVE-2023-26207 Information Exposure Through Log Files vulnerability in Fortinet Fortios and Fortiproxy
An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10.
network
low complexity
fortinet CWE-532
6.5
2023-06-13 CVE-2023-29175 Improper Certificate Validation vulnerability in Fortinet Fortios and Fortiproxy
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server.
network
high complexity
fortinet CWE-295
4.8
2023-06-13 CVE-2023-29178 Access of Uninitialized Pointer vulnerability in Fortinet Fortios and Fortiproxy
A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.
network
low complexity
fortinet CWE-824
4.3
2023-06-13 CVE-2023-33305 Infinite Loop vulnerability in Fortinet Fortios and Fortiproxy
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.
network
low complexity
fortinet CWE-835
6.5
2023-05-03 CVE-2022-43950 Open Redirect vulnerability in Fortinet Fortinac and Fortinac-F
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
network
low complexity
fortinet CWE-601
4.7