Fortinet

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-41024 1Fortinet 2Fortios Fortiproxy Nov 21, 2024 Dec 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclo...Show more A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.Show less
CVE-2021-41015 1Fortinet 1Fortiweb Nov 21, 2024 Dec 8, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted H...Show more A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handlerShow less
CVE-2021-41014 1Fortinet 1Fortiweb Nov 21, 2024 Dec 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets
CVE-2021-36191 1Fortinet 1Fortiweb Nov 21, 2024 Dec 8, 2021 N/A· v4 5.4 MEDIUM· v3 4.9 MEDIUM· v2 A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers
CVE-2021-26109 1Fortinet 1Fortios Nov 21, 2024 Dec 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSL...Show more An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.Show less
CVE-2021-26108 1Fortinet 1Fortios Nov 21, 2024 Dec 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.
CVE-2021-43067 1Fortinet 1Fortiauthenticator Nov 21, 2024 Dec 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker...Show more A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.Show less
CVE-2021-42760 1Fortinet 1Fortiwlm Nov 21, 2024 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 7.5 HIGH· v2 A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.
CVE-2021-42752 1Fortinet 1Fortiwlm Nov 21, 2024 Dec 8, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP r...Show more A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requestsShow less
CVE-2021-41029 1Fortinet 1Fortiwlm Nov 21, 2024 Dec 8, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via craf...Show more A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requestsShow less
CVE-2021-32591 1Fortinet 4Fortiadc FortimailFortisandbox+1 more Nov 21, 2024 Dec 8, 2021 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may al...Show more A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.Show less
CVE-2021-26103 1Fortinet 2Fortios Fortiproxy Nov 21, 2024 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 5.1 MEDIUM· v2 An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL...Show more An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.Show less
CVE-2021-42758 1Fortinet 1Fortiwlc Nov 21, 2024 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypass...Show more An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.Show less
CVE-2021-42757 1Fortinet 13Fortiadc FortianalyzerFortimail+10 more Oct 16, 2025 Dec 8, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command...Show more A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.Show less
CVE-2021-36180 1Fortinet 1Fortiweb Nov 21, 2024 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to e...Show more Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.Show less
CVE-2021-26110 1Fortinet 2Fortios Fortiproxy Nov 21, 2024 Dec 8, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileg...Show more An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.Show less
CVE-2021-32592 1Fortinet 2Forticlient Forticlient Enterprise Management Server Nov 21, 2024 Dec 1, 2021 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devi...Show more An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.Show less
CVE-2021-32600 1Fortinet 1Fortios Nov 21, 2024 Nov 17, 2021 N/A· v4 3.8 LOW· v3 2.1 LOW· v2 An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific...Show more An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list.Show less
CVE-2021-36192 1Fortinet 1Fortimanager Nov 21, 2024 Nov 3, 2021 N/A· v4 3.8 LOW· v3 2.1 LOW· v2 An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS.
CVE-2021-42754 1Fortinet 1Forticlient Nov 21, 2024 Nov 2, 2021 N/A· v4 5.0 MEDIUM· v3 3.5 LOW· v2 An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission...Show more An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.Show less

Previous 1...383940...56 Next