Fortios@7.2.0 Security Vulnerabilities and Issues — Fortios@7.2.0 CVE List

Lucene search

FortinetFortios7.2.0

14 matches found

CVE•added 2023/02/16 7:15 p.m.•141 views

CVE-2022-41335

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read ...

8.8CVSS7.8AI score0.00482EPSS

CVE•added 2022/12/06 5:15 p.m.•104 views

CVE-2022-35843

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allo...

9.8CVSS9.5AI score0.00055EPSS

CVE•added 2022/10/18 3:15 p.m.•66 views

CVE-2022-29055

A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an ...

7.5CVSS7.5AI score0.00194EPSS

CVE•added 2022/11/02 12:15 p.m.•66 views

CVE-2022-35842

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.

7.5CVSS7.5AI score0.0048EPSS

CVE•added 2022/09/06 6:15 p.m.•63 views

CVE-2022-27491

A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML dat...

7.5CVSS7.4AI score0.00039EPSS

CVE•added 2023/02/16 7:15 p.m.•62 views

CVE-2022-29054

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.

3.3CVSS4.1AI score0.00066EPSS

CVE•added 2022/11/02 12:15 p.m.•61 views

CVE-2022-26122

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

8.6CVSS8.5AI score0.00105EPSS

CVE•added 2022/09/06 6:15 p.m.•52 views

CVE-2022-29053

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.

3.3CVSS4.1AI score0.0006EPSS

CVE•added 2023/06/13 9:15 a.m.•52 views

CVE-2023-29175

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-M...

4.8CVSS5.1AI score0.00091EPSS

CVE•added 2022/09/06 4:15 p.m.•50 views

CVE-2021-43080

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat...

5.4CVSS5.1AI score0.00391EPSS

CVE•added 2023/12/13 8:15 a.m.•50 views

CVE-2023-47536

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocali...

5.3CVSS5.4AI score0.00098EPSS

CVE•added 2024/05/14 5:15 p.m.•48 views

CVE-2023-36640

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 th...

6.7CVSS7.3AI score0.00064EPSS

CVE•added 2022/11/02 12:15 p.m.•46 views

CVE-2022-38380

An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.

4.3CVSS4.3AI score0.11847EPSS

CVE•added 2023/02/16 7:15 p.m.•43 views

CVE-2022-42472

A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10,...

5.4CVSS5.4AI score0.00401EPSS