Fortiadc@5.0.0 Security Vulnerabilities and Issues — Fortiadc@5.0.0 CVE List

Lucene search

FortinetFortiadc5.0.0

8 matches found

CVE•added 2021/12/08 11:15 a.m.•64 views

CVE-2021-42757

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

6.7CVSS6.9AI score0.00082EPSS

CVE•added 2022/07/18 6:15 p.m.•62 views

CVE-2022-26120

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP...

8.8CVSS9.1AI score0.00629EPSS

CVE•added 2022/11/02 12:15 p.m.•56 views

CVE-2022-38381

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection s...

9.8CVSS9.5AI score0.00019EPSS

CVE•added 2022/08/03 2:15 p.m.•55 views

CVE-2022-27484

A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.

5.4CVSS4.5AI score0.00133EPSS

CVE•added 2021/12/08 12:15 p.m.•52 views

CVE-2021-32591

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confident...

5.3CVSS5.2AI score0.00167EPSS

CVE•added 2023/04/11 5:15 p.m.•41 views

CVE-2022-40679

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all ve...

7.8CVSS7.7AI score0.00111EPSS

CVE•added 2021/11/02 7:15 p.m.•40 views

CVE-2020-15935

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.

4.3CVSS4.2AI score0.00076EPSS

CVE•added 2023/02/16 7:15 p.m.•34 views

CVE-2022-27482

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands.

7.8CVSS7.9AI score0.00236EPSS