Fortinet FortiADCManager, FortiADC Security Vulnerabilities

nvd

CVE-2023-50180

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other....

5.5 CVSS

2024-05-14 05:15 PM

cve

CVE-2023-50180

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other....

5.5 CVSS

6.3 AI Score

2024-05-14 05:15 PM
23

cvelist

CVE-2023-50180

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other....

5.5 CVSS

5.6 AI Score

2024-05-14 04:19 PM

cve

CVE-2023-41673

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS...

7.1 CVSS

5.3 AI Score

2023-12-13 07:15 AM
7

nvd

CVE-2023-41673

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS...

5.4 CVSS

2023-12-13 07:15 AM

prion

Authorization

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS...

5.4 CVSS

6.9 AI Score

0.0004 EPSS

2023-12-13 07:15 AM
1

cvelist

CVE-2023-41673

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS...

7.1 CVSS

6.9 AI Score

2023-12-13 06:43 AM

cnvd

Fortinet FortiADC Buffer Overflow Vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. The Fortinet FortiADC suffers from a buffer overflow vulnerability that originates from a boundary error when the application processes untrusted input. An attacker could exploit the vulnerability to execute arbitrary code....

6.7 CVSS

8.2 AI Score

0.0004 EPSS

2023-11-17 12:00 AM
3

cve

CVE-2023-29177

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI...

6.7 CVSS

7 AI Score

2023-11-14 07:15 PM
19

nvd

CVE-2023-29177

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI...

6.7 CVSS

2023-11-14 07:15 PM

nvd

CVE-2023-25603

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web...

9.1 CVSS

2023-11-14 07:15 PM
1

cve

CVE-2023-25603

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web...

9.1 CVSS

8.7 AI Score

2023-11-14 07:15 PM
32

prion

Cross site scripting

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web...

9.1 CVSS

6.7 AI Score

0.001 EPSS

2023-11-14 07:15 PM
4

prion

Buffer overflow

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI...

6.7 CVSS

8.3 AI Score

0.0004 EPSS

2023-11-14 07:15 PM
3

cve

CVE-2023-26205

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric.....

8.8 CVSS

8.6 AI Score

2023-11-14 06:15 PM
16

nvd

CVE-2023-26205

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric.....

8.8 CVSS

2023-11-14 06:15 PM
1

prion

Improper access control

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric.....

8.8 CVSS

7.3 AI Score

0.001 EPSS

2023-11-14 06:15 PM
2

cvelist

CVE-2023-25603

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web...

5.4 CVSS

9 AI Score

2023-11-14 06:08 PM

cvelist

CVE-2023-29177

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI...

6.7 CVSS

7.2 AI Score

2023-11-14 06:07 PM

cvelist

CVE-2023-26205

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric.....

8.1 CVSS

8.8 AI Score

2023-11-14 06:05 PM

cve

CVE-2023-25607

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0...

7.8 CVSS

7.9 AI Score

2023-10-10 05:15 PM
36

nvd

CVE-2023-25607

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0...

7.8 CVSS

2023-10-10 05:15 PM

prion

Command injection

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2023-10-10 05:15 PM

cvelist

CVE-2023-25607

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0...

7.8 CVSS

8.1 AI Score

2023-10-10 04:51 PM

cve

CVE-2022-35849

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via...

8.8 CVSS

8.7 AI Score

2023-09-13 01:15 PM
14

nvd

CVE-2022-35849

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via...

8.8 CVSS

2023-09-13 01:15 PM

prion

Command injection

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2023-09-13 01:15 PM
7

cvelist

CVE-2022-35849

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via...

7.8 CVSS

9 AI Score

2023-09-13 12:30 PM

nvd

CVE-2023-28000

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...

7.8 CVSS

2023-06-13 09:15 AM
1

nvd

CVE-2023-26210

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as...

7.8 CVSS

2023-06-13 09:15 AM
1

cve

CVE-2023-26210

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as...

7.8 CVSS

7.8 AI Score

2023-06-13 09:15 AM
18

cve

CVE-2023-28000

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...

7.8 CVSS

7.6 AI Score

2023-06-13 09:15 AM
15

prion

Command injection

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2023-06-13 09:15 AM
5

prion

Command injection

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-06-13 09:15 AM
2

cvelist

CVE-2023-28000

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...

6.7 CVSS

7.9 AI Score

2023-06-13 08:41 AM

cvelist

CVE-2023-26210

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as...

7.8 CVSS

8.1 AI Score

2023-06-13 08:41 AM

fortinet

FortiADC - Command injection in diagnose system df CLI command

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI...

7.8 CVSS

7 AI Score

0.0004 EPSS

2023-06-12 12:00 AM
9

fortinet

FortiADC & FortiADC Manager - Command injection vulnerabilities in cli commands

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilities [CWE-78] in FortiADC & FortiADC Manager may allow a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI...

7.8 CVSS

7.5 AI Score

0.0004 EPSS

2023-06-12 12:00 AM
9

hivepro

Fortinet addresses Vulnerabilities in FortiADC, FortiOS and FortiProxy

Threat Level Vulnerability Report. Summary: Fortinet has issued security patches for two high-severity vulnerabilities - an OS command vulnerability in FortiADC, and an out-of-bounds write flaw in sslvpnd of FortiOS and FortiProxy. To...

7.1 AI Score

2023-05-08 10:02 AM
8

cve

CVE-2023-27999

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...

7.8 CVSS

7.7 AI Score

2023-05-03 10:15 PM
16

nvd

CVE-2023-27999

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...

7.8 CVSS

2023-05-03 10:15 PM

nvd

CVE-2023-27993

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI...

7.1 CVSS

2023-05-03 10:15 PM

cve

CVE-2023-27993

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI...

7.1 CVSS

6.7 AI Score

2023-05-03 10:15 PM
21

prion

Command injection

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2023-05-03 10:15 PM
1

prion

Path traversal

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI...

7.1 CVSS

6.7 AI Score

0.0004 EPSS

2023-05-03 10:15 PM
1

cvelist

CVE-2023-27993

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI...

6 CVSS

7 AI Score

2023-05-03 09:26 PM

cvelist

CVE-2023-27999

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...

7.8 CVSS

8 AI Score

2023-05-03 09:26 PM

fortinet

FortiADC - Path traversal vulnerability in CLI

A relative path traversal vulnerability [CWE-23] in FortiADC may allow a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI...

7.1 CVSS

6.7 AI Score

0.0004 EPSS

2023-05-03 12:00 AM
9

fortinet

FortiADC - Command injection in external resource module

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2023-05-03 12:00 AM
18

nessus

Fortinet FortiWeb - OS command injection in CLI (FG-IR-22-186)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-186 advisory. An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version...

7.7 AI Score

2023-04-13 12:00 AM
67

Total number of security vulnerabilities: 203