CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fortinet : Security Vulnerabilities (CVSS score between 5 and 8.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43071 787 Exec Code Overflow 2021-12-09 2021-12-10
6.5
None Remote Low ??? Partial Partial Partial
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.
2 CVE-2021-43068 287 Bypass 2021-12-09 2021-12-10
5.5
None Remote Low ??? Partial Partial None
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.
3 CVE-2021-43065 732 +Priv 2021-12-09 2021-12-10
7.2
None Local Low Not required Complete Complete Complete
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.
4 CVE-2021-43064 601 2021-12-08 2021-12-09
5.8
None Remote Medium Not required Partial Partial None
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.
5 CVE-2021-42760 89 Sql 2021-12-08 2021-12-09
7.5
None Remote Low Not required Partial Partial Partial
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.
6 CVE-2021-41030 294 Bypass 2021-12-08 2021-12-10
6.4
None Remote Low Not required Partial Partial None
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.
7 CVE-2021-41028 798 2021-12-16 2022-01-04
5.4
None Local Network Medium Not required Partial Partial Partial
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
8 CVE-2021-41025 362 Bypass 2021-12-08 2021-12-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer.
9 CVE-2021-41024 22 Dir. Trav. 2021-12-08 2021-12-09
5.0
None Remote Low Not required Partial None None
A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.
10 CVE-2021-41021 269 2021-12-08 2021-12-10
7.2
None Local Low Not required Complete Complete Complete
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
11 CVE-2021-41017 787 Exec Code Overflow 2021-12-08 2021-12-10
6.5
None Remote Low ??? Partial Partial Partial
Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests.
12 CVE-2021-41014 400 2021-12-08 2021-12-09
5.0
None Remote Low Not required None None Partial
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets
13 CVE-2021-41013 863 2021-12-08 2021-12-10
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.
14 CVE-2021-36194 787 Exec Code Overflow 2021-12-09 2021-12-10
6.5
None Remote Low ??? Partial Partial Partial
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests.
15 CVE-2021-36190 610 2021-12-08 2021-12-09
6.5
None Remote Low ??? Partial Partial Partial
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.
16 CVE-2021-36187 400 DoS 2021-11-02 2021-11-04
5.0
None Remote Low Not required None None Partial
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests
17 CVE-2021-36186 787 Exec Code Overflow 2021-11-02 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests
18 CVE-2021-36185 78 Exec Code 2021-11-02 2021-11-04
6.5
None Remote Low ??? Partial Partial Partial
A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
19 CVE-2021-36183 863 2021-11-02 2021-11-04
7.2
None Local Low Not required Complete Complete Complete
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.
20 CVE-2021-36182 78 Exec Code 2021-09-08 2021-09-14
6.5
None Remote Low ??? Partial Partial Partial
A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests
21 CVE-2021-36180 77 Exec Code 2021-12-08 2021-12-09
6.5
None Remote Low ??? Partial Partial Partial
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
22 CVE-2021-36179 787 Exec Code Overflow 2021-09-08 2021-09-14
6.5
None Remote Low ??? Partial Partial Partial
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution
23 CVE-2021-36174 770 DoS 2021-11-02 2021-11-04
5.0
None Remote Low Not required None None Partial
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.
24 CVE-2021-36172 611 DoS 2021-11-02 2021-11-04
6.4
None Remote Low Not required Partial None Partial
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.
25 CVE-2021-36169 863 Exec Code 2021-12-13 2021-12-17
6.6
None Local Low Not required Complete Complete None
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations.
26 CVE-2021-36167 863 Bypass 2021-12-09 2021-12-10
5.0
None Remote Low Not required None Partial None
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater.
27 CVE-2021-32596 916 2021-08-04 2021-08-10
5.0
None Remote Low Not required Partial None None
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.
28 CVE-2021-32594 434 2021-08-04 2021-08-11
5.5
None Remote Low ??? None Partial Partial
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.
29 CVE-2021-32592 427 2021-12-01 2021-12-02
6.9
None Local Medium Not required Complete Complete Complete
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.
30 CVE-2021-26109 190 Exec Code Overflow 2021-12-08 2021-12-09
7.5
None Remote Low Not required Partial Partial Partial
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
31 CVE-2021-26108 798 2021-12-08 2021-12-09
5.0
None Remote Low Not required Partial None None
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.
32 CVE-2021-26103 345 CSRF 2021-12-08 2021-12-09
5.1
None Remote High Not required Partial Partial Partial
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability.
33 CVE-2021-26100 311 2021-07-09 2021-07-12
5.0
None Remote Low Not required Partial None None
A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.
34 CVE-2021-26098 330 2021-08-04 2021-08-11
5.0
None Remote Low Not required Partial None None
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
35 CVE-2021-26097 78 Exec Code 2021-08-04 2021-08-10
6.5
None Remote Low ??? Partial Partial Partial
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.
36 CVE-2021-26096 787 Overflow 2021-08-04 2021-08-11
6.5
None Remote Low ??? Partial Partial Partial
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.
37 CVE-2021-26095 327 2021-07-20 2021-07-28
6.5
None Remote Low ??? Partial Partial Partial
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.
38 CVE-2021-26090 401 2021-07-12 2021-07-13
5.0
None Remote Low Not required None None Partial
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.
39 CVE-2021-26089 59 Exec Code 2021-07-12 2022-01-17
7.2
None Local Low Not required Complete Complete Complete
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
40 CVE-2021-26088 287 Bypass 2021-07-12 2021-08-02
5.8
None Local Network Low Not required Partial Partial Partial
An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.
41 CVE-2021-24020 326 Bypass 2021-07-09 2021-07-12
7.5
None Remote Low Not required Partial Partial Partial
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.
42 CVE-2021-24019 613 +Priv 2021-10-06 2021-10-14
7.5
None Remote Low Not required Partial Partial Partial
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
43 CVE-2021-24018 Exec Code 2021-08-04 2021-11-16
5.8
None Local Network Low Not required Partial Partial Partial
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
44 CVE-2021-24015 78 Exec Code 2021-07-12 2021-07-14
6.5
None Remote Low ??? Partial Partial Partial
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.
45 CVE-2021-24012 295 2021-06-02 2021-06-14
7.5
None Remote Low Not required Partial Partial Partial
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
46 CVE-2021-24007 89 Exec Code Sql 2021-07-09 2021-07-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
47 CVE-2021-24006 863 2021-09-06 2021-09-10
6.5
None Remote Low ??? Partial Partial Partial
An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
48 CVE-2021-24005 798 2021-07-06 2021-07-08
5.0
None Remote Low Not required Partial None None
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.
49 CVE-2021-22129 120 Exec Code Overflow 2021-07-09 2021-07-12
6.5
None Remote Low ??? Partial Partial Partial
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
50 CVE-2021-22124 400 DoS 2021-08-04 2021-08-12
7.8
None Remote Low Not required None None Complete
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters.
Total number of vulnerabilities : 139   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.