FortiADC

CVEs (29)

CVE	Vendor / Product	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2018-13374	Fortinet Fortios	0.21	—	0.03	KEV	Jan 22, 2019	A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server…
CVE-2022-38374	Fortinet Fortinet	0.01	—	0.17		Nov 2, 2022	A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.
CVE-2023-26205	Fortinet Fortiadc 200d	0.00	—	0.00		Nov 14, 2023	An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted…
CVE-2023-25607	Fortinet Fortianalyzer	0.00	—	0.00		Oct 10, 2023	An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0…
CVE-2023-28000	Fortinet Fortiadc 200d	0.00	—	0.00		Jun 13, 2023	An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via…
CVE-2023-27993	Fortinet Fortiadc 200d	0.00	—	0.00		May 3, 2023	A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.
CVE-2023-27999	Fortinet Fortiadc 200d	0.00	—	0.00		May 3, 2023	An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
CVE-2022-43952	Fortinet Fortiadc 200d	0.00	—	0.00		Apr 11, 2023	An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via…
CVE-2022-43948	Fortinet Fortiweb	0.00	—	0.00		Apr 11, 2023	A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions,…
CVE-2022-40679	Fortinet Fortiddos F	0.00	—	0.00		Apr 11, 2023	An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions,…
CVE-2022-27482	Fortinet Fortiadc 200d	0.00	—	0.01		Feb 16, 2023	A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands.
CVE-2022-39947	Fortinet Fortiadc 200d	0.00	—	0.05		Jan 3, 2023	A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC…
CVE-2022-33875	Fortinet Fortiadc 200d	0.00	—	0.01		Dec 6, 2022	An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via…
CVE-2022-33876	Fortinet Fortiadc 200d	0.00	—	0.00		Dec 6, 2022	Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP…
CVE-2022-35851	Fortinet Fortinet	0.00	—	0.01		Nov 2, 2022	An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address.
CVE-2022-38381	Fortinet Fortinet	0.00	—	0.00		Nov 2, 2022	An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application…
CVE-2021-43076	Fortinet Fortiadc 200d	0.00	—	0.00		Sep 6, 2022	An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell…
CVE-2022-22299	Fortinet Fortios	0.00	—	0.00		Aug 5, 2022	A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy…
CVE-2022-27484	Fortinet Fortinet	0.00	—	0.00		Aug 3, 2022	A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.
CVE-2022-26120	Fortinet Fortinet	0.00	—	0.01		Jul 18, 2022	Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via…

CVE-2018-13374KEVJan 22, 2019
Fortinet
Fortios
risk 0.21cvss —epss 0.03
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server…
CVE-2022-38374Nov 2, 2022
Fortinet
Fortinet
risk 0.01cvss —epss 0.17
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.
CVE-2023-26205Nov 14, 2023
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.00
An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted…
CVE-2023-25607Oct 10, 2023
Fortinet
Fortianalyzer
risk 0.00cvss —epss 0.00
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0…
CVE-2023-28000Jun 13, 2023
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.00
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via…
CVE-2023-27993May 3, 2023
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.00
A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.
CVE-2023-27999May 3, 2023
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.00
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
CVE-2022-43952Apr 11, 2023
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.00
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via…
CVE-2022-43948Apr 11, 2023
Fortinet
Fortiweb
risk 0.00cvss —epss 0.00
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions,…
CVE-2022-40679Apr 11, 2023
Fortinet
Fortiddos F
risk 0.00cvss —epss 0.00
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions,…
CVE-2022-27482Feb 16, 2023
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.01
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands.
CVE-2022-39947Jan 3, 2023
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.05
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC…
CVE-2022-33875Dec 6, 2022
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.01
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via…
CVE-2022-33876Dec 6, 2022
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.00
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP…
CVE-2022-35851Nov 2, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.01
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address.
CVE-2022-38381Nov 2, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.00
An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application…
CVE-2021-43076Sep 6, 2022
Fortinet
Fortiadc 200d
risk 0.00cvss —epss 0.00
An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell…
CVE-2022-22299Aug 5, 2022
Fortinet
Fortios
risk 0.00cvss —epss 0.00
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy…
CVE-2022-27484Aug 3, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.00
A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.
CVE-2022-26120Jul 18, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.01
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via…

Page 1 of 2