Fortinet

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24007 1Fortinet 1Fortimail Nov 21, 2024 Jul 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP...Show more Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.Show less
CVE-2021-22129 1Fortinet 1Fortimail Nov 21, 2024 Jul 9, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflo...Show more Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.Show less
CVE-2020-29014 1Fortinet 1Fortisandbox Nov 21, 2024 Jul 9, 2021 N/A· v4 5.3 MEDIUM· v3 6.3 MEDIUM· v2 A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive...Show more A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.Show less
CVE-2021-24005 1Fortinet 1Fortiauthenticator Nov 21, 2024 Jul 6, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sens...Show more Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.Show less
CVE-2021-24023 1Fortinet 1Fortiai Firmware Nov 21, 2024 Jun 3, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
CVE-2021-22130 1Fortinet 1Fortiproxy Nov 21, 2024 Jun 3, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service a...Show more A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.Show less
CVE-2021-24012 1Fortinet 1Fortios Nov 21, 2024 Jun 2, 2021 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authorit...Show more An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.Show less
CVE-2020-6641 1Fortinet 1Fortipresence Nov 21, 2024 Jun 2, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users...Show more Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.Show less
CVE-2021-26111 1Fortinet 1Fortiswitch Nov 21, 2024 Jun 1, 2021 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory...Show more A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device.Show less
CVE-2021-22123 1Fortinet 1Fortiweb Nov 21, 2024 Jun 1, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the...Show more An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.Show less
CVE-2021-24011 1Fortinet 1Fortinac Nov 21, 2024 May 10, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.
CVE-2021-24024 1Fortinet 2Fortiadc Fortiadc Manager Nov 21, 2024 Apr 12, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local use...Show more A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.Show less
CVE-2020-15942 1Fortinet 1Fortiweb Nov 21, 2024 Apr 12, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used...Show more An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.Show less
CVE-2019-17656 1Fortinet 2Fortios Fortiproxy Nov 21, 2024 Apr 12, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to cra...Show more A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.Show less
CVE-2021-22128 1Fortinet 1Fortiproxy Nov 21, 2024 Mar 4, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appli...Show more An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.Show less
CVE-2020-15938 1Fortinet 1Fortios Nov 21, 2024 Mar 4, 2021 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't h...Show more When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.Show less
CVE-2020-15937 1Fortinet 1Fortios Nov 21, 2024 Mar 3, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs da...Show more An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.Show less
CVE-2021-22122 1Fortinet 1Fortiweb Nov 21, 2024 Feb 8, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site script...Show more An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.Show less
CVE-2020-6649 1Fortinet 1Fortiisolator Nov 21, 2024 Feb 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be ab...Show more An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)Show less
CVE-2020-29019 1Fortinet 1Fortiweb Nov 21, 2024 Jan 14, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cooki...Show more A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.Show less

Previous 1...424344...56 Next