← Back

Fortinet

fortinet

1,119 CVEs • 247 products

Products (247)

Click to collapse
Toggle
Fortios
fortios
267 CVEs
Fortiweb
fortiweb
124 CVEs
Fortiproxy
fortiproxy
117 CVEs
Fortimanager
fortimanager
112 CVEs
Fortianalyzer
fortianalyzer
92 CVEs
Forticlient
forticlient
85 CVEs
Fortisandbox
fortisandbox
58 CVEs
Fortimail
fortimail
46 CVEs
Fortiportal
fortiportal
44 CVEs
Fortiadc
fortiadc
43 CVEs
Fortisoar
fortisoar
31 CVEs
Fortinac
fortinac
30 CVEs
Fortisiem
fortisiem
29 CVEs
Fortimanager Cloud
fortimanager_cloud
27 CVEs
Fortipam
fortipam
25 CVEs
Fortivoice
fortivoice
24 CVEs
Fortiauthenticator
fortiauthenticator
23 CVEs
Fortiwlm
fortiwlm
23 CVEs
Fortiswitchmanager
fortiswitchmanager
19 CVEs
Fortinet Antivirus
fortinet_antivirus
18 CVEs
Fortianalyzer Cloud
fortianalyzer_cloud
17 CVEs
Fortiwan
fortiwan
16 CVEs
Fortitester
fortitester
16 CVEs
Fortimanager Firmware
fortimanager_firmware
15 CVEs
Fortiswitch
fortiswitch
14 CVEs
Fortiwlc
fortiwlc
14 CVEs
Fortianalyzer Big Data
fortianalyzer_big_data
13 CVEs
Forticlientems
forticlientems
13 CVEs
Fortianalyzer Firmware
fortianalyzer_firmware
12 CVEs
Fortinac F
fortinac-f
12 CVEs
Fortirecorder
fortirecorder
12 CVEs
Fortideceptor
fortideceptor
11 CVEs
Fortindr
fortindr
11 CVEs
Fortiisolator
fortiisolator
10 CVEs
Fortisase
fortisase
10 CVEs
Fortiap W2
fortiap-w2
9 CVEs
Fortisandbox Cloud
fortisandbox_cloud
8 CVEs
Fortiap
fortiap
7 CVEs
Fortiap U
fortiap-u
7 CVEs
Forticlient Enterprise Management Server
forticlient_enterprise_management_server
7 CVEs
Fortiextender Firmware
fortiextender_firmware
7 CVEs
Fortiedr
fortiedr
7 CVEs
Fortiddos F
fortiddos-f
7 CVEs
Fortiap S
fortiap-s
6 CVEs
Forticlient Endpoint Management Server
forticlient_endpoint_management_server
6 CVEs
Fortiadc Firmware
fortiadc_firmware
5 CVEs
Fcm Mb40 Firmware
fcm-mb40_firmware
5 CVEs
Fortirecorder Firmware
fortirecorder_firmware
5 CVEs
Fortiddos
fortiddos
5 CVEs
Fortiwebmanager
fortiwebmanager
4 CVEs
Fortiaiops
fortiaiops
4 CVEs
Fortisra
fortisra
4 CVEs
Fortidlp Agent
fortidlp_agent
4 CVEs
Fortibalancer 400 Firmware
fortibalancer_400_firmware
3 CVEs
Fortibalancer 1000 Firmware
fortibalancer_1000_firmware
3 CVEs
Fortibalancer 2000 Firmware
fortibalancer_2000_firmware
3 CVEs
Fortibalancer 3000 Firmware
fortibalancer_3000_firmware
3 CVEs
Fortitoken Mobile
fortitoken_mobile
3 CVEs
Fortigate
fortigate
2 CVEs
Fortigate 1000c
fortigate-1000c
2 CVEs
Fortigate 100d
fortigate-100d
2 CVEs
Fortigate 110c
fortigate-110c
2 CVEs
Fortigate 1240b
fortigate-1240b
2 CVEs
Fortigate 200b
fortigate-200b
2 CVEs
Fortigate 20c
fortigate-20c
2 CVEs
Fortigate 300c
fortigate-300c
2 CVEs
Fortigate 3040b
fortigate-3040b
2 CVEs
Fortigate 310b
fortigate-310b
2 CVEs
Fortigate 311b
fortigate-311b
2 CVEs
Fortigate 3140b
fortigate-3140b
2 CVEs
Fortigate 3240c
fortigate-3240c
2 CVEs
Fortigate 3810a
fortigate-3810a
2 CVEs
Fortigate 3950b
fortigate-3950b
2 CVEs
Fortigate 40c
fortigate-40c
2 CVEs
Fortigate 5001a Sw
fortigate-5001a-sw
2 CVEs
Fortigate 5001b
fortigate-5001b
2 CVEs
Fortigate 5020
fortigate-5020
2 CVEs
Fortigate 5060
fortigate-5060
2 CVEs
Fortigate 50b
fortigate-50b
2 CVEs
Fortigate 5101c
fortigate-5101c
2 CVEs
Fortigate 5140b
fortigate-5140b
2 CVEs
Fortigate 600c
fortigate-600c
2 CVEs
Fortigate 60c
fortigate-60c
2 CVEs
Fortigate 620b
fortigate-620b
2 CVEs
Fortigate 800c
fortigate-800c
2 CVEs
Fortigate 80c
fortigate-80c
2 CVEs
Fortigate Voice 80c
fortigate-voice-80c
2 CVEs
Fortigaterugged 100c
fortigaterugged-100c
2 CVEs
Fortiadc 1000e
fortiadc-1000e
2 CVEs
Fortiadc 1500d
fortiadc-1500d
2 CVEs
Fortiadc 2000d
fortiadc-2000d
2 CVEs
Fortiadc 200d
fortiadc-200d
2 CVEs
Fortiadc 300e
fortiadc-300e
2 CVEs
Fortiadc 4000d
fortiadc-4000d
2 CVEs
Fortiadc 400e
fortiadc-400e
2 CVEs
Fortiadc 600e
fortiadc-600e
2 CVEs
Forticlient Sslvpn Client
forticlient_sslvpn_client
2 CVEs
Fortios Ips Engine
fortios_ips_engine
2 CVEs
Fortiadc Manager
fortiadc_manager
2 CVEs
Fortipresence
fortipresence
2 CVEs

CVEs (1,119)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-41023
1Fortinet
1Fortisiem
Nov 21, 2024
Nov 2, 2021
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files
CVE-2021-41022
1Fortinet
1Fortisiem
Nov 21, 2024
Nov 2, 2021
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts
CVE-2021-36187
1Fortinet
1Fortiweb
Nov 21, 2024
Nov 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests
CVE-2021-36186
1Fortinet
1Fortiweb
Nov 21, 2024
Nov 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests
CVE-2021-36185
1Fortinet
1Fortiwlm
Nov 21, 2024
Nov 2, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...Show more
A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.Show less
CVE-2021-36184
1Fortinet
1Fortiwlm
Nov 21, 2024
Nov 2, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP re...Show more
A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.Show less
CVE-2021-36183
1Fortinet
1Forticlient
Nov 21, 2024
Nov 2, 2021
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe...Show more
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.Show less
CVE-2021-36176
1Fortinet
1Fortiportal
Nov 21, 2024
Nov 2, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
CVE-2021-36174
1Fortinet
1Fortiportal
Nov 21, 2024
Nov 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs...Show more
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.Show less
CVE-2020-15935
1Fortinet
1Fortiadc
Nov 21, 2024
Nov 2, 2021
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and...Show more
A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.Show less
CVE-2021-41019
1Fortinet
1Fortios
Nov 21, 2024
Nov 2, 2021
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensit...Show more
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.Show less
CVE-2021-36181
1Fortinet
1Fortiportal
Nov 21, 2024
Nov 2, 2021
N/A· v4
3.1 LOW· v3
3.5 LOW· v2
A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to...Show more
A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests.Show less
CVE-2021-36172
1Fortinet
1Fortiportal
Nov 21, 2024
Nov 2, 2021
N/A· v4
8.1 HIGH· v3
6.4 MEDIUM· v2
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to...Show more
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.Show less
CVE-2021-32595
1Fortinet
1Fortiportal
Nov 21, 2024
Nov 2, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
CVE-2021-26107
1Fortinet
1Fortimanager
Nov 21, 2024
Nov 2, 2021
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Mana...Show more
An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.Show less
CVE-2020-15940
1Fortinet
1Forticlient Enterprise Management Server
Nov 21, 2024
Nov 2, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter o...Show more
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.Show less
CVE-2020-12814
1Fortinet
1Fortianalyzer
Nov 21, 2024
Nov 2, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifi...Show more
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI.Show less
CVE-2021-36178
1Fortinet
1Fortisdnconnector
Nov 21, 2024
Oct 6, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup.
CVE-2021-36175
1Fortinet
1Fortiweb
Nov 21, 2024
Oct 6, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/c...Show more
An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device.Show less
CVE-2021-36170
1Fortinet
2Fortianalyzer
Fortimanager
Nov 21, 2024
Oct 6, 2021
N/A· v4
3.2 LOW· v3
2.1 LOW· v2
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activat...Show more
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.Show less