Filtered by vendor Fortinet
Subscriptions
Total
750 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-23663 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2024-09-09 | 8.1 High |
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request. | ||||
CVE-2024-21759 | 1 Fortinet | 1 Fortiportal | 2024-09-09 | 3.9 Low |
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | ||||
CVE-2023-50181 | 1 Fortinet | 1 Fortiadc | 2024-09-09 | 4.8 Medium |
An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. | ||||
CVE-2023-50179 | 1 Fortinet | 1 Fortiadc | 2024-09-09 | 4.7 Medium |
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. | ||||
CVE-2023-42783 | 1 Fortinet | 1 Fortiwlm | 2024-08-30 | 7.3 High |
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests. | ||||
CVE-2023-36641 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-30 | 6.2 Medium |
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests. | ||||
CVE-2023-28002 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-30 | 5.8 Medium |
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | ||||
CVE-2023-45582 | 1 Fortinet | 1 Fortimail | 2024-08-30 | 5.3 Medium |
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts. | ||||
CVE-2023-41676 | 1 Fortinet | 1 Fortisiem | 2024-08-30 | 4.2 Medium |
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. | ||||
CVE-2023-45585 | 1 Fortinet | 1 Fortisiem | 2024-08-30 | 2.1 Low |
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage. | ||||
CVE-2023-44248 | 1 Fortinet | 1 Fortiedr | 2024-08-30 | 4 Medium |
An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service. | ||||
CVE-2023-33304 | 1 Fortinet | 1 Forticlient | 2024-08-30 | 4.4 Medium |
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | ||||
CVE-2023-36633 | 1 Fortinet | 1 Fortimail | 2024-08-30 | 5.3 Medium |
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests. | ||||
CVE-2023-29177 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2024-08-30 | 6.2 Medium |
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. | ||||
CVE-2023-40719 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-30 | 4.1 Medium |
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | ||||
CVE-2023-25603 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2024-08-30 | 5.4 Medium |
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests. | ||||
CVE-2022-40681 | 1 Fortinet | 1 Forticlient | 2024-08-30 | 7.1 High |
A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. | ||||
CVE-2024-23113 | 1 Fortinet | 4 Fortios, Fortipam, Fortiproxy and 1 more | 2024-08-28 | 9.8 Critical |
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. | ||||
CVE-2023-45587 | 1 Fortinet | 1 Fortisandbox | 2024-08-28 | 3.4 Low |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests | ||||
CVE-2023-44253 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-23 | 4.7 Medium |
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. |