Filtered by vendor Fortinet
Subscribe
Total
687 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35282 | 1 Fortinet | 1 Forticlient | 2024-09-20 | N/A | 4.6 MEDIUM |
| A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump. | |||||
| CVE-2024-36511 | 1 Fortinet | 1 Fortiadc | 2024-09-20 | N/A | 3.7 LOW |
| An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature | |||||
| CVE-2024-31489 | 1 Fortinet | 1 Forticlient | 2024-09-20 | N/A | 8.1 HIGH |
| AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation | |||||
| CVE-2024-45323 | 1 Fortinet | 1 Fortiedrmanager | 2024-09-20 | N/A | 2.7 LOW |
| An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations. | |||||
| CVE-2023-50178 | 1 Fortinet | 1 Fortiadc | 2024-09-19 | N/A | 7.4 HIGH |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. | |||||
| CVE-2024-33509 | 1 Fortinet | 1 Fortiweb | 2024-09-09 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF). | |||||
| CVE-2024-27785 | 1 Fortinet | 1 Fortiaiops | 2024-09-09 | N/A | 6.5 MEDIUM |
| An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports. | |||||
| CVE-2024-27784 | 1 Fortinet | 1 Fortiaiops | 2024-09-09 | N/A | 6.5 MEDIUM |
| Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. | |||||
| CVE-2024-26015 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-09-09 | N/A | 4.7 MEDIUM |
| An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. | |||||
| CVE-2024-23663 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2024-09-09 | N/A | 8.8 HIGH |
| An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request. | |||||
| CVE-2024-21759 | 1 Fortinet | 1 Fortiportal | 2024-09-09 | N/A | 4.3 MEDIUM |
| An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | |||||
| CVE-2023-50181 | 1 Fortinet | 1 Fortiadc | 2024-09-09 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. | |||||
| CVE-2023-50179 | 1 Fortinet | 1 Fortiadc | 2024-09-09 | N/A | 5.9 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. | |||||
| CVE-2024-23111 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-23 | N/A | 4.8 MEDIUM |
| An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. | |||||
| CVE-2024-23110 | 1 Fortinet | 1 Fortios | 2024-08-23 | N/A | 7.8 HIGH |
| A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands | |||||
| CVE-2023-46720 | 1 Fortinet | 1 Fortios | 2024-08-23 | N/A | 7.8 HIGH |
| A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands. | |||||
| CVE-2024-36505 | 1 Fortinet | 1 Fortios | 2024-08-22 | N/A | 5.5 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system. | |||||
| CVE-2024-21757 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-22 | N/A | 7.8 HIGH |
| A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup. | |||||
| CVE-2023-26211 | 1 Fortinet | 1 Fortisoar | 2024-08-22 | N/A | 9.0 CRITICAL |
| An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. | |||||
| CVE-2022-45862 | 1 Fortinet | 4 Fortios, Fortipam, Fortiproxy and 1 more | 2024-08-22 | N/A | 8.8 HIGH |
| An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials. | |||||