Filtered by vendor Fortinet
Subscriptions
Total
750 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28000 | 1 Fortinet | 1 Fortiadc | 2024-08-02 | 6.3 Medium |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command. | ||||
| CVE-2023-27993 | 1 Fortinet | 1 Fortiadc | 2024-08-02 | 5.7 Medium |
| A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. | ||||
| CVE-2023-27998 | 1 Fortinet | 1 Fortipresence | 2024-08-02 | 5.3 Medium |
| A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths. | ||||
| CVE-2023-27995 | 1 Fortinet | 1 Fortisoar | 2024-08-02 | 7.2 High |
| A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload. | ||||
| CVE-2023-28001 | 1 Fortinet | 1 Fortios | 2024-08-02 | 4.1 Medium |
| An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API. | ||||
| CVE-2023-26210 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2024-08-02 | 7.8 High |
| Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests. | ||||
| CVE-2023-26209 | 1 Fortinet | 1 Fortideceptor | 2024-08-02 | 3.5 Low |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | ||||
| CVE-2023-26208 | 1 Fortinet | 1 Fortiauthenticator | 2024-08-02 | 3.5 Low |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | ||||
| CVE-2023-26204 | 1 Fortinet | 1 Fortisiem | 2024-08-02 | 3.6 Low |
| A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. | ||||
| CVE-2023-26205 | 1 Fortinet | 1 Fortiadc | 2024-08-02 | 7.9 High |
| An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script. | ||||
| CVE-2023-26207 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-02 | 3.3 Low |
| An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text. | ||||
| CVE-2023-26206 | 1 Fortinet | 1 Fortinac | 2024-08-02 | 6.8 Medium |
| An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | ||||
| CVE-2023-26203 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-08-02 | 6.1 Medium |
| A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. | ||||
| CVE-2023-25608 | 1 Fortinet | 4 Fortiap, Fortiap-c, Fortiap-u and 1 more | 2024-08-02 | 5.2 Medium |
| An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments. | ||||
| CVE-2023-25605 | 1 Fortinet | 1 Fortisoar | 2024-08-02 | 7.5 High |
| A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | ||||
| CVE-2023-25602 | 1 Fortinet | 1 Fortiweb | 2024-08-02 | 7.4 High |
| A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. | ||||
| CVE-2023-25609 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-02 | 4.2 Medium |
| A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests. | ||||
| CVE-2023-25611 | 1 Fortinet | 1 Fortianalyzer | 2024-08-02 | 4 Medium |
| A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | ||||
| CVE-2023-25606 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-02 | 6.2 Medium |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | ||||
| CVE-2023-25607 | 1 Fortinet | 3 Fortiadc, Fortianalyzer, Fortimanager | 2024-08-02 | 7.4 High |
| An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function. | ||||