Vulnerabilities (CVE)

Filtered by vendor Fortinet Subscribe
Filtered by product Fortiextender
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23663 1 Fortinet 2 Fortiextender, Fortiextender Firmware 2024-09-09 N/A 8.8 HIGH
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
CVE-2022-23447 1 Fortinet 2 Fortiextender, Fortiextender Firmware 2024-02-04 N/A 7.5 HIGH
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
CVE-2022-27489 1 Fortinet 2 Fortiextender, Fortiextender Firmware 2024-02-04 N/A 7.2 HIGH
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2021-41016 1 Fortinet 2 Fortiextender, Fortiextender Firmware 2024-02-04 9.0 HIGH 8.8 HIGH
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters