← Back

Fortinet

fortinet

1,119 CVEs • 247 products

Products (247)

Click to collapse
Toggle
Fortios
fortios
267 CVEs
Fortiweb
fortiweb
124 CVEs
Fortiproxy
fortiproxy
117 CVEs
Fortimanager
fortimanager
112 CVEs
Fortianalyzer
fortianalyzer
92 CVEs
Forticlient
forticlient
85 CVEs
Fortisandbox
fortisandbox
58 CVEs
Fortimail
fortimail
46 CVEs
Fortiportal
fortiportal
44 CVEs
Fortiadc
fortiadc
43 CVEs
Fortisoar
fortisoar
31 CVEs
Fortinac
fortinac
30 CVEs
Fortisiem
fortisiem
29 CVEs
Fortimanager Cloud
fortimanager_cloud
27 CVEs
Fortipam
fortipam
25 CVEs
Fortivoice
fortivoice
24 CVEs
Fortiauthenticator
fortiauthenticator
23 CVEs
Fortiwlm
fortiwlm
23 CVEs
Fortiswitchmanager
fortiswitchmanager
19 CVEs
Fortinet Antivirus
fortinet_antivirus
18 CVEs
Fortianalyzer Cloud
fortianalyzer_cloud
17 CVEs
Fortiwan
fortiwan
16 CVEs
Fortitester
fortitester
16 CVEs
Fortimanager Firmware
fortimanager_firmware
15 CVEs
Fortiswitch
fortiswitch
14 CVEs
Fortiwlc
fortiwlc
14 CVEs
Fortianalyzer Big Data
fortianalyzer_big_data
13 CVEs
Forticlientems
forticlientems
13 CVEs
Fortianalyzer Firmware
fortianalyzer_firmware
12 CVEs
Fortinac F
fortinac-f
12 CVEs
Fortirecorder
fortirecorder
12 CVEs
Fortideceptor
fortideceptor
11 CVEs
Fortindr
fortindr
11 CVEs
Fortiisolator
fortiisolator
10 CVEs
Fortisase
fortisase
10 CVEs
Fortiap W2
fortiap-w2
9 CVEs
Fortisandbox Cloud
fortisandbox_cloud
8 CVEs
Fortiap
fortiap
7 CVEs
Fortiap U
fortiap-u
7 CVEs
Forticlient Enterprise Management Server
forticlient_enterprise_management_server
7 CVEs
Fortiextender Firmware
fortiextender_firmware
7 CVEs
Fortiedr
fortiedr
7 CVEs
Fortiddos F
fortiddos-f
7 CVEs
Fortiap S
fortiap-s
6 CVEs
Forticlient Endpoint Management Server
forticlient_endpoint_management_server
6 CVEs
Fortiadc Firmware
fortiadc_firmware
5 CVEs
Fcm Mb40 Firmware
fcm-mb40_firmware
5 CVEs
Fortirecorder Firmware
fortirecorder_firmware
5 CVEs
Fortiddos
fortiddos
5 CVEs
Fortiwebmanager
fortiwebmanager
4 CVEs
Fortiaiops
fortiaiops
4 CVEs
Fortisra
fortisra
4 CVEs
Fortidlp Agent
fortidlp_agent
4 CVEs
Fortibalancer 400 Firmware
fortibalancer_400_firmware
3 CVEs
Fortibalancer 1000 Firmware
fortibalancer_1000_firmware
3 CVEs
Fortibalancer 2000 Firmware
fortibalancer_2000_firmware
3 CVEs
Fortibalancer 3000 Firmware
fortibalancer_3000_firmware
3 CVEs
Fortitoken Mobile
fortitoken_mobile
3 CVEs
Fortigate
fortigate
2 CVEs
Fortigate 1000c
fortigate-1000c
2 CVEs
Fortigate 100d
fortigate-100d
2 CVEs
Fortigate 110c
fortigate-110c
2 CVEs
Fortigate 1240b
fortigate-1240b
2 CVEs
Fortigate 200b
fortigate-200b
2 CVEs
Fortigate 20c
fortigate-20c
2 CVEs
Fortigate 300c
fortigate-300c
2 CVEs
Fortigate 3040b
fortigate-3040b
2 CVEs
Fortigate 310b
fortigate-310b
2 CVEs
Fortigate 311b
fortigate-311b
2 CVEs
Fortigate 3140b
fortigate-3140b
2 CVEs
Fortigate 3240c
fortigate-3240c
2 CVEs
Fortigate 3810a
fortigate-3810a
2 CVEs
Fortigate 3950b
fortigate-3950b
2 CVEs
Fortigate 40c
fortigate-40c
2 CVEs
Fortigate 5001a Sw
fortigate-5001a-sw
2 CVEs
Fortigate 5001b
fortigate-5001b
2 CVEs
Fortigate 5020
fortigate-5020
2 CVEs
Fortigate 5060
fortigate-5060
2 CVEs
Fortigate 50b
fortigate-50b
2 CVEs
Fortigate 5101c
fortigate-5101c
2 CVEs
Fortigate 5140b
fortigate-5140b
2 CVEs
Fortigate 600c
fortigate-600c
2 CVEs
Fortigate 60c
fortigate-60c
2 CVEs
Fortigate 620b
fortigate-620b
2 CVEs
Fortigate 800c
fortigate-800c
2 CVEs
Fortigate 80c
fortigate-80c
2 CVEs
Fortigate Voice 80c
fortigate-voice-80c
2 CVEs
Fortigaterugged 100c
fortigaterugged-100c
2 CVEs
Fortiadc 1000e
fortiadc-1000e
2 CVEs
Fortiadc 1500d
fortiadc-1500d
2 CVEs
Fortiadc 2000d
fortiadc-2000d
2 CVEs
Fortiadc 200d
fortiadc-200d
2 CVEs
Fortiadc 300e
fortiadc-300e
2 CVEs
Fortiadc 4000d
fortiadc-4000d
2 CVEs
Fortiadc 400e
fortiadc-400e
2 CVEs
Fortiadc 600e
fortiadc-600e
2 CVEs
Forticlient Sslvpn Client
forticlient_sslvpn_client
2 CVEs
Fortios Ips Engine
fortios_ips_engine
2 CVEs
Fortiadc Manager
fortiadc_manager
2 CVEs
Fortipresence
fortipresence
2 CVEs

CVEs (1,119)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-43071
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 9, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogRe...Show more
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.Show less
CVE-2021-43068
1Fortinet
1Fortiauthenticator
Nov 21, 2024
Dec 9, 2021
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.
CVE-2021-43065
1Fortinet
1Fortinac
Nov 21, 2024
Dec 9, 2021
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system da...Show more
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.Show less
CVE-2021-42759
1Fortinet
1Meru Firmware
Nov 21, 2024
Dec 9, 2021
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands.
CVE-2021-36167
1Fortinet
1Forticlient
Nov 21, 2024
Dec 9, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the sess...Show more
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater.Show less
CVE-2021-43204
1Fortinet
1Forticlient
Nov 21, 2024
Dec 9, 2021
N/A· v4
4.4 MEDIUM· v3
4.9 MEDIUM· v2
A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its...Show more
A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions.Show less
CVE-2021-36194
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 9, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests.
CVE-2021-36189
1Fortinet
1Forticlient Enterprise Management Server
Nov 21, 2024
Dec 9, 2021
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data
CVE-2021-41025
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 8, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurren...Show more
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.Show less
CVE-2021-41017
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 8, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via speci...Show more
Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests.Show less
CVE-2021-36195
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 8, 2021
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to exec...Show more
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.Show less
CVE-2021-36173
1Fortinet
1Fortios
Nov 21, 2024
Dec 8, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary...Show more
A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.Show less
CVE-2021-41030
1Fortinet
1Forticlient Enterprise Management Server
Nov 21, 2024
Dec 8, 2021
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and...Show more
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.Show less
CVE-2021-41021
1Fortinet
1Fortinac
Nov 21, 2024
Dec 8, 2021
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
CVE-2021-41013
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 8, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the L...Show more
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.Show less
CVE-2021-36188
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 8, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted G...Show more
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlersShow less
CVE-2021-43063
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 8, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthoriz...Show more
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage.Show less
CVE-2021-36190
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 8, 2021
N/A· v4
6.3 MEDIUM· v3
6.5 MEDIUM· v2
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.
CVE-2021-43064
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 8, 2021
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or pro...Show more
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.Show less
CVE-2021-41027
1Fortinet
1Fortiweb
Nov 21, 2024
Dec 8, 2021
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device.