Filtered by vendor Fortinet
Subscriptions
Total
750 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-42787 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-02 | 6.2 Medium |
A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | ||||
CVE-2023-41841 | 1 Fortinet | 1 Fortios | 2024-08-02 | 7.4 High |
An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | ||||
CVE-2023-41844 | 1 Fortinet | 1 Fortisandbox | 2024-08-02 | 3.4 Low |
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint. | ||||
CVE-2023-41840 | 1 Fortinet | 1 Forticlient | 2024-08-02 | 7.4 High |
A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. | ||||
CVE-2023-41843 | 1 Fortinet | 1 Fortisandbox | 2024-08-02 | 7.3 High |
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
CVE-2023-41680 | 1 Fortinet | 1 Fortisandbox | 2024-08-02 | 7.3 High |
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
CVE-2023-41673 | 1 Fortinet | 1 Fortiadc | 2024-08-02 | 6.9 Medium |
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests. | ||||
CVE-2023-41679 | 1 Fortinet | 1 Fortimanager | 2024-08-02 | 7.7 High |
An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs | ||||
CVE-2023-41678 | 1 Fortinet | 2 Fortios, Fortipam | 2024-08-02 | 8.3 High |
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. | ||||
CVE-2023-40717 | 1 Fortinet | 1 Fortitester | 2024-08-02 | 5 Medium |
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands. | ||||
CVE-2023-40720 | 1 Fortinet | 1 Fortivoice | 2024-08-02 | 6.7 Medium |
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests. | ||||
CVE-2023-40716 | 1 Fortinet | 1 Fortitester | 2024-08-02 | 6.5 Medium |
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup . | ||||
CVE-2023-40715 | 1 Fortinet | 1 Fortitester | 2024-08-02 | 5.2 Medium |
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device. | ||||
CVE-2023-37934 | 1 Fortinet | 1 Fortipam | 2024-08-02 | 4.2 Medium |
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency. | ||||
CVE-2023-37932 | 1 Fortinet | 1 Fortivoice | 2024-08-02 | 6.2 Medium |
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests | ||||
CVE-2023-36639 | 1 Fortinet | 3 Fortios, Fortipam, Fortiproxy | 2024-08-02 | 7 High |
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. | ||||
CVE-2023-36642 | 1 Fortinet | 1 Fortitester | 2024-08-02 | 6.5 Medium |
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | ||||
CVE-2023-36635 | 1 Fortinet | 1 Fortiswitchmanager | 2024-08-02 | 6.9 Medium |
An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. | ||||
CVE-2023-36638 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-02 | 4.2 Medium |
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID. | ||||
CVE-2023-36640 | 1 Fortinet | 3 Fortios, Fortipam, Fortiproxy | 2024-08-02 | 6.5 Medium |
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands |