Fortinet : Security Vulnerabilities (CVSS score between 6 and 8.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-43071 | 787 | | Exec Code Overflow | 2021-12-09 | 2021-12-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. |
| 2 | CVE-2021-43065 | 732 | | +Priv | 2021-12-09 | 2021-12-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | An incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data. |
| 3 | CVE-2021-42760 | 89 | | Sql | 2021-12-08 | 2021-12-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose sensitive information from DB tables via crafted requests. |
| 4 | CVE-2021-41030 | 294 | | Bypass | 2021-12-08 | 2021-12-10 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. |
| 5 | CVE-2021-41025 | 362 | | Bypass | 2021-12-08 | 2021-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer. |
| 6 | CVE-2021-41021 | 269 | | | 2021-12-08 | 2021-12-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. |
| 7 | CVE-2021-41017 | 787 | | Exec Code Overflow | 2021-12-08 | 2021-12-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. |
| 8 | CVE-2021-36194 | 787 | | Exec Code Overflow | 2021-12-09 | 2021-12-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. |
| 9 | CVE-2021-36190 | 610 | | | 2021-12-08 | 2021-12-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests. |
| 10 | CVE-2021-36186 | 787 | | Exec Code Overflow | 2021-11-02 | 2021-11-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. |
| 11 | CVE-2021-36185 | 78 | | Exec Code | 2021-11-02 | 2021-11-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. |
| 12 | CVE-2021-36183 | 863 | | | 2021-11-02 | 2021-11-04 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiClient updates. |
| 13 | CVE-2021-36182 | 78 | | Exec Code | 2021-09-08 | 2021-09-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. |
| 14 | CVE-2021-36180 | 77 | | Exec Code | 2021-12-08 | 2021-12-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. |
| 15 | CVE-2021-36179 | 787 | | Exec Code Overflow | 2021-09-08 | 2021-09-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution. |
| 16 | CVE-2021-36172 | 611 | | DoS | 2021-11-02 | 2021-11-04 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents. |
| 17 | CVE-2021-36169 | 863 | | Exec Code | 2021-12-13 | 2021-12-17 | 6.6 | None | Local | Low | Not required | Complete | Complete | None | A hidden functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations. |
| 18 | CVE-2021-32592 | 427 | | | 2021-12-01 | 2021-12-02 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL hijack attack on affected devices via a malicious OpenSSL engine library in the search path. |
| 19 | CVE-2021-26109 | 190 | | Exec Code Overflow | 2021-12-08 | 2021-12-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution. |
| 20 | CVE-2021-26097 | 78 | | Exec Code | 2021-08-04 | 2021-08-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An improper neutralization of special elements used in an OS command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. |
| 21 | CVE-2021-26096 | 787 | | Overflow | 2021-08-04 | 2021-08-11 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments. |
| 22 | CVE-2021-26095 | 327 | | | 2021-07-20 | 2021-07-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges. |
| 23 | CVE-2021-26089 | 59 | | Exec Code | 2021-07-12 | 2022-01-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase. |
| 24 | CVE-2021-24020 | 326 | | Bypass | 2021-07-09 | 2021-07-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data, which allows bypass of signature verification. |
| 25 | CVE-2021-24019 | 613 | | +Priv | 2021-10-06 | 2021-10-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks). |
| 26 | CVE-2021-24015 | 78 | | Exec Code | 2021-07-12 | 2021-07-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An improper neutralization of special elements used in an OS command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. |
| 27 | CVE-2021-24012 | 295 | | | 2021-06-02 | 2021-06-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority. |
| 28 | CVE-2021-24007 | 89 | | Exec Code Sql | 2021-07-09 | 2021-07-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. |
| 29 | CVE-2021-24006 | 863 | | | 2021-09-06 | 2021-09-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel by directly visiting its URL. |
| 30 | CVE-2021-22129 | 120 | | Exec Code Overflow | 2021-07-09 | 2021-07-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. |
| 31 | CVE-2021-22124 | 400 | | DoS | 2021-08-04 | 2021-08-12 | 7.8 | None | Remote | Low | Not required | None | None | Complete | An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically crafted long request parameters. |
| 32 | CVE-2020-29018 | 134 | | | 2021-01-14 | 2021-01-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. |
| 33 | CVE-2020-29016 | 787 | | Exec Code Overflow | 2021-01-14 | 2021-01-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and versions before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname. |
| 34 | CVE-2020-29015 | 89 | | Exec Code Sql | 2021-01-14 | 2021-01-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement. |
| 35 | CVE-2020-29014 | 362 | | Exec Code | 2021-07-09 | 2021-07-12 | 6.3 | None | Remote | Medium | ??? | None | None | Complete | A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. |
| 36 | CVE-2020-29011 | 89 | | Exec Code Sql | 2021-08-04 | 2021-08-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Instances of SQL injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests. |
| 37 | CVE-2020-12817 | 74 | | | 2020-09-24 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script-related HTML tags via the Name parameter of Storage Connectors. |
| 38 | CVE-2020-12812 | 287 | | | 2020-07-24 | 2020-07-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. |
| 39 | CVE-2020-9294 | 287 | | | 2020-04-27 | 2020-05-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. |
| 40 | CVE-2020-9292 | 428 | | +Priv | 2020-06-04 | 2020-06-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. |
| 41 | CVE-2020-9290 | 427 | | Exec Code | 2020-03-15 | 2020-03-17 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An unsafe search path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. |
| 42 | CVE-2020-9287 | 427 | | Exec Code | 2020-03-15 | 2020-03-17 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An unsafe search path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. |
| 43 | CVE-2020-6649 | 613 | | +Priv | 2021-02-08 | 2021-02-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An insufficient session expiration vulnerability in Fortinet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks). |
| 44 | CVE-2020-6644 | 613 | | +Priv | 2020-06-22 | 2020-06-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. |
| 45 | CVE-2019-17658 | 428 | | +Priv | 2020-03-12 | 2021-04-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path. |
| 46 | CVE-2019-17654 | 345 | | | 2020-03-15 | 2020-03-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An insufficient verification of data authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. |
| 47 | CVE-2019-17653 | 352 | | CSRF | 2020-03-12 | 2020-03-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. |
| 48 | CVE-2019-17652 | 787 | | Overflow | 2020-02-06 | 2020-02-12 | 6.8 | None | Remote | Low | ??? | None | None | Complete | A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to crash FortiClient processes running under root privilege by sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process, due to the argv data not being well sanitized. |
| 49 | CVE-2019-17650 | 78 | | Exec Code Bypass | 2019-11-21 | 2020-01-22 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | An improper neutralization of special elements used in a command vulnerability in one of FortiClient for Mac OS root processes may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. |
| 50 | CVE-2019-16155 | | | | 2020-02-07 | 2020-08-24 | 6.6 | None | Local | Low | Not required | None | Complete | Complete | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through the system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Furthermore, FortiClient for Linux 6.2.2 and below allows a low-privilege user to write the system backup file under root privilege through the GUI, which can cause root system file overwrite. |
Total number of vulnerabilities: 84 (page 1 of 2)