Fortinet
by Fortinet
CVEs (96)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36173 | 0.00 | — | 0.01 | Dec 8, 2021 | A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images. | |||
| CVE-2021-41021 | 0.00 | — | 0.00 | Dec 8, 2021 | A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. | |||
| CVE-2021-26109 | 0.00 | — | 0.02 | Dec 8, 2021 | An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution. | |||
| CVE-2021-26108 | 0.00 | — | 0.01 | Dec 8, 2021 | A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. | |||
| CVE-2021-41024 | 0.00 | — | 0.02 | Dec 8, 2021 | A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request… | |||
| CVE-2021-26103 | 0.00 | — | 0.00 | Dec 8, 2021 | An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to… | |||
| CVE-2021-42752 | 0.00 | — | 0.01 | Dec 8, 2021 | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests | |||
| CVE-2021-42760 | 0.00 | — | 0.01 | Dec 8, 2021 | A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests. | |||
| CVE-2021-41029 | 0.00 | — | 0.01 | Dec 8, 2021 | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests | |||
| CVE-2021-42758 | 0.00 | — | 0.02 | Dec 8, 2021 | An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. | |||
| CVE-2021-32600 | 0.00 | — | 0.01 | Nov 17, 2021 | An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin… | |||
| CVE-2020-15935 | 0.00 | — | 0.01 | Nov 2, 2021 | A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry… | |||
| CVE-2021-36184 | 0.00 | — | 0.01 | Nov 2, 2021 | A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests. | |||
| CVE-2021-36185 | 0.00 | — | 0.02 | Nov 2, 2021 | A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | |||
| CVE-2021-41019 | 0.00 | — | 0.01 | Nov 2, 2021 | An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials. | |||
| CVE-2021-24018 | 0.00 | — | 0.01 | Aug 4, 2021 | A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image. | |||
| CVE-2021-24023 | 0.00 | — | 0.01 | Jun 3, 2021 | An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command. | |||
| CVE-2021-24012 | 0.00 | — | 0.00 | Jun 2, 2021 | An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority. | |||
| CVE-2021-24011 | 0.00 | — | 0.01 | May 10, 2021 | A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. | |||
| CVE-2020-15938 | 0.00 | — | 0.01 | Mar 4, 2021 | When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. |
- CVE-2021-36173Dec 8, 2021risk 0.00cvss —epss 0.01
A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.
- CVE-2021-41021Dec 8, 2021risk 0.00cvss —epss 0.00
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
- CVE-2021-26109Dec 8, 2021risk 0.00cvss —epss 0.02
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
- CVE-2021-26108Dec 8, 2021risk 0.00cvss —epss 0.01
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.
- CVE-2021-41024Dec 8, 2021risk 0.00cvss —epss 0.02
A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request…
- CVE-2021-26103Dec 8, 2021risk 0.00cvss —epss 0.00
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to…
- CVE-2021-42752Dec 8, 2021risk 0.00cvss —epss 0.01
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests
- CVE-2021-42760Dec 8, 2021risk 0.00cvss —epss 0.01
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.
- CVE-2021-41029Dec 8, 2021risk 0.00cvss —epss 0.01
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests
- CVE-2021-42758Dec 8, 2021risk 0.00cvss —epss 0.02
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.
- CVE-2021-32600Nov 17, 2021risk 0.00cvss —epss 0.01
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin…
- CVE-2020-15935Nov 2, 2021risk 0.00cvss —epss 0.01
A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry…
- CVE-2021-36184Nov 2, 2021risk 0.00cvss —epss 0.01
A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.
- CVE-2021-36185Nov 2, 2021risk 0.00cvss —epss 0.02
A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
- CVE-2021-41019Nov 2, 2021risk 0.00cvss —epss 0.01
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
- CVE-2021-24018Aug 4, 2021risk 0.00cvss —epss 0.01
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
- CVE-2021-24023Jun 3, 2021risk 0.00cvss —epss 0.01
An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
- CVE-2021-24012Jun 2, 2021risk 0.00cvss —epss 0.00
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
- CVE-2021-24011May 10, 2021risk 0.00cvss —epss 0.01
A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.
- CVE-2020-15938Mar 4, 2021risk 0.00cvss —epss 0.01
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.
Page 4 of 5