Fortiadc@7.1.0 Security Vulnerabilities and Issues — Fortiadc@7.1.0 CVE List

Lucene search

FortinetFortiadc7.1.0

9 matches found

CVE•added 2023/10/10 5:15 p.m.•58 views

CVE-2023-25607

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 thr...

7.8CVSS7.9AI score0.00151EPSS

CVE•added 2023/11/14 7:15 p.m.•56 views

CVE-2023-25603

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

9.1CVSS8.7AI score0.00199EPSS

CVE•added 2022/11/02 12:15 p.m.•55 views

CVE-2022-35851

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address.

8CVSS5.2AI score0.00558EPSS

CVE•added 2022/12/06 5:15 p.m.•47 views

CVE-2022-33875

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP r...

8.8CVSS9.1AI score0.00532EPSS

CVE•added 2023/06/13 9:15 a.m.•42 views

CVE-2023-26210

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as ro...

7.8CVSS7.8AI score0.00171EPSS

CVE•added 2023/06/13 9:15 a.m.•41 views

CVE-2023-28000

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted argu...

7.8CVSS7.6AI score0.00077EPSS

CVE•added 2022/12/06 5:15 p.m.•39 views

CVE-2022-33876

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.

6.5CVSS6.3AI score0.00359EPSS

CVE•added 2023/11/14 6:15 p.m.•36 views

CVE-2023-26205

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric a...

8.8CVSS8.6AI score0.00203EPSS

CVE•added 2023/12/13 7:15 a.m.•26 views

CVE-2023-41673

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.

7.1CVSS5.3AI score0.0016EPSS