CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fortinet : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-0941 79 1 XSS 2018-02-08 2018-02-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.
2 CVE-2021-44168 494 Exec Code 2022-01-04 2022-01-12
4.6
None Local Low Not required Partial Partial Partial
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
3 CVE-2021-43204 DoS 2021-12-09 2021-12-10
4.9
None Local Low Not required None None Complete
A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions.
4 CVE-2021-43067 200 +Info 2021-12-08 2021-12-09
4.3
None Remote Medium Not required Partial None None
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
5 CVE-2021-43063 79 Exec Code XSS 2021-12-08 2021-12-09
4.3
None Remote Medium Not required None Partial None
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage.
6 CVE-2021-42757 120 Exec Code Overflow 2021-12-08 2021-12-09
4.6
None Local Low Not required Partial Partial Partial
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
7 CVE-2021-41027 787 Exec Code Overflow 2021-12-08 2021-12-09
4.6
None Local Low Not required Partial Partial Partial
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device.
8 CVE-2021-41019 295 2021-11-02 2021-11-04
4.3
None Remote Medium Not required Partial None None
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
9 CVE-2021-41015 79 Exec Code XSS 2021-12-08 2021-12-09
4.3
None Remote Medium Not required None Partial None
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler
10 CVE-2021-36191 601 2021-12-08 2021-12-15
4.9
None Remote Medium ??? Partial Partial None
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers
11 CVE-2021-36189 311 2021-12-09 2021-12-10
4.0
None Remote Low ??? Partial None None
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data
12 CVE-2021-36188 79 Exec Code XSS 2021-12-08 2021-12-10
4.3
None Remote Medium Not required None Partial None
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers
13 CVE-2021-36184 89 Sql 2021-11-02 2021-11-04
4.0
None Remote Low ??? Partial None None
A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.
14 CVE-2021-36178 522 2021-10-06 2021-10-14
4.0
None Remote Low ??? Partial None None
A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup.
15 CVE-2021-36176 79 DoS XSS 2021-11-02 2021-11-04
4.3
None Remote Medium Not required None Partial None
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
16 CVE-2021-36168 22 Dir. Trav. 2021-08-04 2021-08-10
4.0
None Remote Low ??? Partial None None
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values.
17 CVE-2021-32603 918 2021-08-05 2021-08-12
4.0
None Remote Low ??? Partial None None
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.
18 CVE-2021-32602 79 XSS 2021-08-19 2021-08-25
4.3
None Remote Medium Not required None Partial None
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value.
19 CVE-2021-32598 444 Http R.Spl. 2021-08-05 2021-08-12
4.0
None Remote Low ??? None Partial None
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
20 CVE-2021-32595 400 DoS 2021-11-02 2021-11-03
4.0
None Remote Low ??? None None Partial
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
21 CVE-2021-32587 863 2021-08-06 2021-09-21
4.0
None Remote Low ??? Partial None None
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.
22 CVE-2021-26110 269 2021-12-08 2021-12-09
4.6
None Local Low Not required Partial Partial Partial
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.
23 CVE-2021-26107 863 2021-11-02 2021-11-03
4.0
None Remote Low ??? None Partial None
An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
24 CVE-2021-26106 78 Exec Code 2021-07-09 2021-07-12
4.6
None Local Low Not required Partial Partial Partial
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments.
25 CVE-2021-26099 327 2021-07-12 2021-07-12
4.0
None Remote Low ??? Partial None None
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
26 CVE-2021-24024 532 2021-04-12 2021-04-16
4.0
None Remote Low ??? Partial None None
A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.
27 CVE-2021-24017 287 2021-09-30 2021-10-08
4.0
None Remote Low ??? None Partial None
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
28 CVE-2021-24014 79 XSS 2021-08-04 2021-08-11
4.3
None Remote Medium Not required None Partial None
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.
29 CVE-2021-24013 22 Dir. Trav. 2021-07-12 2021-07-13
4.0
None Remote Low ??? Partial None None
Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.
30 CVE-2021-24010 22 Dir. Trav. 2021-08-04 2021-08-11
4.0
None Remote Low ??? Partial None None
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.
31 CVE-2021-22130 787 DoS Exec Code Overflow 2021-06-03 2021-06-11
4.0
None Remote Low ??? None None Partial
A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
32 CVE-2021-22128 863 2021-03-04 2021-03-11
4.0
None Remote Low ??? Partial None None
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
33 CVE-2021-22122 79 XSS 2021-02-08 2021-02-10
4.3
None Remote Medium Not required None Partial None
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
34 CVE-2020-15942 200 +Info 2021-04-12 2021-04-20
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
35 CVE-2020-15939 863 2021-09-06 2021-09-10
4.0
None Remote Low ??? Partial None None
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.
36 CVE-2020-15938 2021-03-04 2021-03-11
4.3
None Remote Medium Not required None Partial None
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.
37 CVE-2020-15937 79 XSS 2021-03-03 2021-03-09
4.3
None Remote Medium Not required None Partial None
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.
38 CVE-2020-15935 312 2021-11-02 2021-11-04
4.0
None Remote Low ??? Partial None None
A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.
39 CVE-2020-12816 79 XSS 2020-09-24 2020-09-30
4.3
None Remote Medium Not required None Partial None
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.
40 CVE-2020-12811 79 XSS 2020-09-24 2020-09-30
4.3
None Remote Medium Not required None Partial None
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.
41 CVE-2020-9291 668 +Priv 2020-06-01 2021-04-20
4.6
None Local Low Not required Partial Partial Partial
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
42 CVE-2020-6648 312 +Info 2020-10-21 2021-03-11
4.0
None Remote Low ??? Partial None None
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
43 CVE-2020-6641 863 Bypass 2021-06-02 2021-06-10
4.0
None Remote Low ??? Partial None None
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.
44 CVE-2019-17656 787 Exec Code Overflow 2021-04-12 2021-04-19
4.0
None Remote Low ??? None None Partial
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
45 CVE-2019-16157 200 +Info 2020-03-13 2021-07-21
4.0
None Remote Low ??? Partial None None
An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands.
46 CVE-2019-16156 79 XSS 2020-03-12 2020-03-17
4.3
None Remote Medium Not required None Partial None
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).
47 CVE-2019-16154 79 XSS 2020-01-07 2020-01-14
4.3
None Remote Medium Not required None Partial None
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page.
48 CVE-2019-15707 2020-01-23 2020-08-24
4.0
None Remote Low ??? Partial None None
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.
49 CVE-2019-6700 522 2020-01-07 2021-07-21
4.0
None Remote Low ??? Partial None None
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.
50 CVE-2019-6693 798 2019-11-21 2019-11-27
4.0
None Remote Low ??? Partial None None
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
Total number of vulnerabilities : 135   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.