Lucene search

K
FortinetFortios

233 matches found

CVE
CVE
added 2022/11/02 12:15 p.m.64 views

CVE-2022-30307

A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack.

8.1CVSS8AI score0.00182EPSS
CVE
CVE
added 2023/10/10 5:15 p.m.64 views

CVE-2023-37935

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

7.5CVSS7.3AI score0.00192EPSS
CVE
CVE
added 2022/09/06 6:15 p.m.63 views

CVE-2022-27491

A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML dat...

7.5CVSS7.4AI score0.00039EPSS
CVE
CVE
added 2023/06/13 9:15 a.m.63 views

CVE-2022-42474

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attac...

6.5CVSS3.9AI score0.00209EPSS
CVE
CVE
added 2024/05/14 5:15 p.m.63 views

CVE-2023-45583

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4...

7.2CVSS7.3AI score0.00155EPSS
CVE
CVE
added 2024/08/13 4:15 p.m.63 views

CVE-2024-36505

An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity c...

5.5CVSS5.3AI score0.00026EPSS
CVE
CVE
added 2016/08/24 4:30 p.m.62 views

CVE-2016-6909

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.

10CVSS9.7AI score0.7156EPSS
CVE
CVE
added 2021/08/04 3:15 p.m.62 views

CVE-2021-24018

A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.

8.8CVSS8.8AI score0.00078EPSS
CVE
CVE
added 2022/07/18 5:15 p.m.62 views

CVE-2021-42755

An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVo...

4.3CVSS4.8AI score0.00161EPSS
CVE
CVE
added 2021/12/08 11:15 a.m.62 views

CVE-2021-42757

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

6.7CVSS6.9AI score0.00082EPSS
CVE
CVE
added 2023/02/16 7:15 p.m.62 views

CVE-2022-29054

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.

3.3CVSS4.1AI score0.00066EPSS
CVE
CVE
added 2023/02/16 7:15 p.m.62 views

CVE-2022-38378

An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile...

6CVSS6AI score0.00033EPSS
CVE
CVE
added 2024/06/11 3:15 p.m.62 views

CVE-2023-46720

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands.

7.8CVSS8AI score0.00043EPSS
CVE
CVE
added 2024/02/15 2:15 p.m.62 views

CVE-2023-47537

An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch...

4.8CVSS5.1AI score0.00111EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.61 views

CVE-2015-1880

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.59363EPSS
CVE
CVE
added 2022/03/01 7:15 p.m.61 views

CVE-2020-15936

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.

4.5CVSS4.4AI score0.00335EPSS
CVE
CVE
added 2022/11/02 12:15 p.m.61 views

CVE-2022-26122

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

8.6CVSS8.5AI score0.00105EPSS
CVE
CVE
added 2023/12/13 7:15 a.m.61 views

CVE-2023-36639

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows a...

8.8CVSS8.7AI score0.00173EPSS
CVE
CVE
added 2023/10/10 5:15 p.m.61 views

CVE-2023-41841

An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.

8.8CVSS8.6AI score0.00187EPSS
CVE
CVE
added 2025/04/08 2:15 p.m.61 views

CVE-2024-26013

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and ...

7.5CVSS7.3AI score0.00089EPSS
CVE
CVE
added 2025/01/14 2:15 p.m.61 views

CVE-2024-46669

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.

6.5CVSS4AI score0.00171EPSS
CVE
CVE
added 2025/01/16 9:15 a.m.61 views

CVE-2024-48885

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 thro...

9.1CVSS7.3AI score0.00036EPSS
CVE
CVE
added 2025/06/10 5:19 p.m.61 views

CVE-2024-50568

A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specifi...

5.9CVSS5.7AI score0.00011EPSS
CVE
CVE
added 2006/02/14 7:0 p.m.60 views

CVE-2005-3058

Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed...

7.5CVSS6.6AI score0.05691EPSS
CVE
CVE
added 2018/01/29 4:29 p.m.60 views

CVE-2017-14190

A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.

6.1CVSS6AI score0.0033EPSS
CVE
CVE
added 2023/02/16 7:15 p.m.60 views

CVE-2022-39948

An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Ma...

7.4CVSS7.4AI score0.00081EPSS
CVE
CVE
added 2022/12/06 5:15 p.m.60 views

CVE-2022-40680

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.

5.4CVSS5.7AI score0.00292EPSS
CVE
CVE
added 2020/09/24 3:15 p.m.59 views

CVE-2020-12818

An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.

5.3CVSS5.2AI score0.00278EPSS
CVE
CVE
added 2023/04/11 5:15 p.m.59 views

CVE-2022-41330

An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 all...

8.8CVSS6AI score0.01024EPSS
CVE
CVE
added 2023/04/11 5:15 p.m.59 views

CVE-2022-42469

A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.

4.3CVSS4.5AI score0.00039EPSS
CVE
CVE
added 2024/08/13 4:15 p.m.59 views

CVE-2022-45862

An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below...

8.8CVSS4.2AI score0.00096EPSS
CVE
CVE
added 2024/12/19 11:15 a.m.58 views

CVE-2020-12820

Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClien...

8.8CVSS6.2AI score0.00538EPSS
CVE
CVE
added 2023/04/11 5:15 p.m.58 views

CVE-2023-22641

A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 thr...

5.4CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2023/10/10 5:15 p.m.57 views

CVE-2023-33301

An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.

6.5CVSS4.5AI score0.00131EPSS
CVE
CVE
added 2024/01/10 6:15 p.m.57 views

CVE-2023-44250

An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.

8.8CVSS8.5AI score0.00126EPSS
CVE
CVE
added 2024/05/14 5:15 p.m.57 views

CVE-2023-46714

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests.

7.2CVSS8.1AI score0.00154EPSS
CVE
CVE
added 2024/11/12 7:15 p.m.57 views

CVE-2024-26011

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 ...

9.8CVSS7.8AI score0.00044EPSS
CVE
CVE
added 2006/02/14 7:0 p.m.56 views

CVE-2005-3057

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.

10CVSS6.8AI score0.01881EPSS
CVE
CVE
added 2018/05/24 8:29 p.m.56 views

CVE-2017-14187

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program ...

7.2CVSS6.9AI score0.00065EPSS
CVE
CVE
added 2021/12/08 7:15 p.m.56 views

CVE-2021-36173

A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.

8.8CVSS9.1AI score0.0063EPSS
CVE
CVE
added 2023/06/13 9:15 a.m.56 views

CVE-2023-29178

A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.

4.3CVSS4.5AI score0.00127EPSS
CVE
CVE
added 2023/06/16 10:15 a.m.56 views

CVE-2023-33306

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.

6.5CVSS6.3AI score0.00201EPSS
CVE
CVE
added 2025/01/14 2:15 p.m.56 views

CVE-2024-48886

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 throug...

9.8CVSS9.3AI score0.00112EPSS
CVE
CVE
added 2021/11/17 12:15 p.m.55 views

CVE-2021-32600

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the...

5CVSS3.9AI score0.00124EPSS
CVE
CVE
added 2023/03/07 5:15 p.m.55 views

CVE-2022-41329

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations ...

5.3CVSS5AI score0.00306EPSS
CVE
CVE
added 2025/01/14 2:15 p.m.55 views

CVE-2024-46666

An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests direc...

5.3CVSS5.3AI score0.00133EPSS
CVE
CVE
added 2017/09/12 2:29 a.m.54 views

CVE-2017-7734

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.

5.4CVSS5.6AI score0.00305EPSS
CVE
CVE
added 2025/01/14 2:15 p.m.54 views

CVE-2023-46715

An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets.

5CVSS5AI score0.00031EPSS
CVE
CVE
added 2025/02/11 5:15 p.m.54 views

CVE-2024-35279

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to...

8.1CVSS8.7AI score0.00104EPSS
CVE
CVE
added 2018/02/08 11:29 p.m.53 views

CVE-2012-0941

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the field...

6.1CVSS5.9AI score0.0086EPSS
Total number of security vulnerabilities233