Source: CVEdetails.com
Fortinet : Security Vulnerabilities (CVSS score between 4 and 4.99)
Each entry lists: row number, CVE ID, CWE ID, vulnerability type(s), publish date, update date, CVSS score, then the vector fields (gained access level, access, complexity, authentication, confidentiality, integrity, availability), followed by the description. The "# of Exploits" column is empty for every entry on this page, so it is omitted below.

1. CVE-2021-41019 | CWE-295 | Types: none listed | Published 2021-11-02 | Updated 2021-11-04 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
   An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in the GUI, leading to disclosure of sensitive information, such as AD credentials.

2. CVE-2021-36184 | CWE-89 | Types: Sql | Published 2021-11-02 | Updated 2021-11-04 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An improper neutralization of special elements used in an SQL command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose device, user and database information via crafted HTTP requests.

3. CVE-2021-36178 | CWE-522 | Types: none listed | Published 2021-10-06 | Updated 2021-10-14 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An insufficiently protected credentials vulnerability in Fortinet FortiSDNConnector version 1.1.7 and below allows an attacker to disclose third-party devices' credential information via a configuration page lookup.

4. CVE-2021-36176 | CWE-79 | Types: DoS XSS | Published 2021-11-02 | Updated 2021-11-04 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.

5. CVE-2021-36168 | CWE-22 | Types: Dir. Trav. | Published 2021-08-04 | Updated 2021-08-10 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An improper limitation of a pathname to a restricted directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows an authenticated attacker to disclose information via a crafted GET request with malicious parameter values.

6. CVE-2021-32603 | CWE-918 | Types: none listed | Published 2021-08-05 | Updated 2021-08-12 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   A server-side request forgery (SSRF) (CWE-918) vulnerability in the FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.

7. CVE-2021-32602 | CWE-79 | Types: XSS | Published 2021-08-19 | Updated 2021-08-25 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack by sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value.

8. CVE-2021-32598 | CWE-444 | Types: Http R.Spl. | Published 2021-08-05 | Updated 2021-08-12 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability in the FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack, which gives the attacker control of the remaining headers and body of the response.

9. CVE-2021-32595 | CWE-400 | Types: DoS | Published 2021-11-02 | Updated 2021-11-03 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: None | Integ: None | Avail: Partial
   Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.

10. CVE-2021-32587 | CWE-863 | Types: none listed | Published 2021-08-06 | Updated 2021-09-21 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An improper access control vulnerability in the FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with a restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.

11. CVE-2021-26107 | CWE-863 | Types: none listed | Published 2021-11-02 | Updated 2021-11-03 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: None | Integ: Partial | Avail: None
   An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.

12. CVE-2021-26106 | CWE-78 | Types: Exec Code | Published 2021-07-09 | Updated 2021-07-12 | CVSS 4.6
   Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   An improper neutralization of special elements used in an OS command vulnerability in the FortiAP console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments.

13. CVE-2021-26099 | CWE-327 | Types: none listed | Published 2021-07-12 | Updated 2021-07-12 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes into possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.

14. CVE-2021-24024 | CWE-532 | Types: none listed | Published 2021-04-12 | Updated 2021-04-16 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   A cleartext storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' passwords in log files.

15. CVE-2021-24017 | CWE-287 | Types: none listed | Published 2021-09-30 | Updated 2021-10-08 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: None | Integ: Partial | Avail: None
   An improper authentication vulnerability in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows an attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.

16. CVE-2021-24014 | CWE-79 | Types: XSS | Published 2021-08-04 | Updated 2021-08-11 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.

17. CVE-2021-24013 | CWE-22 | Types: Dir. Trav. | Published 2021-07-12 | Updated 2021-07-13 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   Multiple path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.

18. CVE-2021-24010 | CWE-22 | Types: Dir. Trav. | Published 2021-08-04 | Updated 2021-08-11 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.

19. CVE-2021-22130 | CWE-787 | Types: DoS Exec Code Overflow | Published 2021-06-03 | Updated 2021-06-11 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: None | Integ: None | Avail: Partial
   A stack-based buffer overflow vulnerability in the FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a denial of service attack by running the `diagnose sys cpuset` command with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

20. CVE-2021-22128 | CWE-863 | Types: none listed | Published 2021-03-04 | Updated 2021-03-11 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An improper access control vulnerability in the FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal services such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.

21. CVE-2021-22122 | CWE-79 | Types: XSS | Published 2021-02-08 | Updated 2021-02-10 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of input during web page generation in the FortiWeb GUI interface 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting a malicious payload into different vulnerable API endpoints.

22. CVE-2020-15942 | CWE-200 | Types: +Info | Published 2021-04-12 | Updated 2021-04-20 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An information disclosure vulnerability in the Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.

23. CVE-2020-15939 | CWE-863 | Types: none listed | Published 2021-09-06 | Updated 2021-09-10 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.

24. CVE-2020-15938 | CWE: none listed | Types: none listed | Published 2021-03-04 | Updated 2021-03-11 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   When traffic other than HTTP/S (e.g. SSH traffic) traverses the FortiGate in versions below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it does not have a valid HTTP header.

25. CVE-2020-15937 | CWE-79 | Types: XSS | Published 2021-03-03 | Updated 2021-03-09 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.

26. CVE-2020-15935 | CWE-312 | Types: none listed | Published 2021-11-02 | Updated 2021-11-04 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   A cleartext storage of sensitive information in the GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information, such as users' LDAP passwords and the RADIUS shared secret, by deobfuscating the password entry fields.

27. CVE-2020-12816 | CWE-79 | Types: XSS | Published 2020-09-24 | Updated 2020-09-30 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.

28. CVE-2020-12811 | CWE-79 | Types: XSS | Published 2020-09-24 | Updated 2020-09-30 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) attack via the Identity Provider name field.

29. CVE-2020-9291 | CWE-668 | Types: +Priv | Published 2020-06-01 | Updated 2021-04-20 | CVSS 4.6
   Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   An insecure temporary file vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

30. CVE-2020-6648 | CWE-312 | Types: +Info | Published 2020-10-21 | Updated 2021-03-11 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   A cleartext storage of sensitive information vulnerability in the FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users' passwords by connecting to the FortiGate CLI and executing the "diag sys ha checksum show" command.

31. CVE-2020-6641 | CWE-863 | Types: Bypass | Published 2021-06-02 | Updated 2021-06-10 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via the portal manager or portal users parameters.

32. CVE-2019-17656 | CWE-787 | Types: Exec Code Overflow | Published 2021-04-12 | Updated 2021-04-19 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: None | Integ: None | Avail: Partial
   A stack-based buffer overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

33. CVE-2019-16157 | CWE-200 | Types: +Info | Published 2020-03-13 | Updated 2021-07-21 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An information exposure vulnerability in the Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands.

34. CVE-2019-16156 | CWE-79 | Types: XSS | Published 2020-03-12 | Updated 2020-03-17 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a cross site scripting attack (XSS).

35. CVE-2019-16154 | CWE-79 | Types: XSS | Published 2020-01-07 | Updated 2020-01-14 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of input during web page generation in the FortiAuthenticator web UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page.

36. CVE-2019-15707 | CWE: none listed | Types: none listed | Published 2020-01-23 | Updated 2020-08-24 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An improper access control vulnerability in the FortiMail admin web UI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform a system backup configuration download they should not be authorized for.

37. CVE-2019-6700 | CWE-522 | Types: none listed | Published 2020-01-07 | Updated 2021-07-21 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.

38. CVE-2019-6693 | CWE-798 | Types: none listed | Published 2019-11-21 | Updated 2019-11-27 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   Use of a hard-coded cryptographic key to cipher sensitive data in the FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and the High Availability password (when set).

39. CVE-2019-6692 | CWE-427 | Types: Exec Code | Published 2019-10-24 | Updated 2019-10-30 | CVSS 4.4
   Gained access: None | Access: Local | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
   A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.

40. CVE-2019-5594 | CWE-79 | Types: XSS | Published 2019-08-23 | Updated 2019-08-26 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of input during web page generation ("Cross-site Scripting") in the Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin web UI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the web UI.

41. CVE-2019-5592 | CWE-347 | Types: none listed | Published 2019-08-23 | Updated 2020-08-24 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
   Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of the FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate by monitoring the traffic from a man-in-the-middle position.

42. CVE-2019-5590 | CWE-79 | Types: Exec Code XSS | Published 2019-08-28 | Updated 2019-09-03 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below, which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.

43. CVE-2019-5588 | CWE-79 | Types: Exec Code XSS | Published 2019-06-04 | Updated 2019-06-06 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under the SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.

44. CVE-2019-5587 | CWE-20 | Types: none listed | Published 2019-06-04 | Updated 2021-07-21 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: None | Integ: Partial | Avail: None
   Lack of root file system integrity checking in Fortinet FortiOS VM application images, all versions below 6.0.5, may allow an attacker to implant malicious programs into the installation image by reassembling the image through specific methods.

45. CVE-2019-5586 | CWE-79 | Types: Exec Code XSS | Published 2019-06-04 | Updated 2019-10-23 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under the SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.

46. CVE-2018-13383 | CWE-787 | Types: Overflow | Published 2019-05-29 | Updated 2021-03-16 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: None | Avail: Partial
   A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service to terminate for logged-in users due to a failure to properly handle JavaScript href data when proxying web pages.

47. CVE-2018-13380 | CWE-79 | Types: Exec Code XSS | Published 2019-06-04 | Updated 2021-04-06 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under the SSL VPN web portal allows an attacker to execute unauthorized malicious script code via the error or message handling parameters.

48. CVE-2018-13378 | CWE-200 | Types: +Info | Published 2019-04-17 | Updated 2019-04-17 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.

49. CVE-2018-13375 | CWE-79 | Types: Exec Code XSS | Published 2019-05-28 | Updated 2019-05-30 | CVSS 4.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
   An improper neutralization of script-related HTML tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with the FortiAnalyzer feature enabled).

50. CVE-2018-13374 | CWE-732 | Types: none listed | Published 2019-01-22 | Updated 2021-06-03 | CVSS 4.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
   An improper access control vulnerability in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
Total number of vulnerabilities: 135 (this is page 1 of 3).