CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fortinet : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-36185 78 Exec Code 2021-11-02 2021-11-04
6.5
None Remote Low ??? Partial Partial Partial
A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
2 CVE-2021-36182 78 Exec Code 2021-09-08 2021-09-14
6.5
None Remote Low ??? Partial Partial Partial
A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests
3 CVE-2021-36179 787 Exec Code Overflow 2021-09-08 2021-09-14
6.5
None Remote Low ??? Partial Partial Partial
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution
4 CVE-2021-36172 611 DoS 2021-11-02 2021-11-04
6.4
None Remote Low Not required Partial None Partial
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.
5 CVE-2021-26097 78 Exec Code 2021-08-04 2021-08-10
6.5
None Remote Low ??? Partial Partial Partial
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.
6 CVE-2021-26096 787 Overflow 2021-08-04 2021-08-11
6.5
None Remote Low ??? Partial Partial Partial
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.
7 CVE-2021-26095 327 2021-07-20 2021-07-28
6.5
None Remote Low ??? Partial Partial Partial
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.
8 CVE-2021-24015 78 Exec Code 2021-07-12 2021-07-14
6.5
None Remote Low ??? Partial Partial Partial
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.
9 CVE-2021-24006 863 2021-09-06 2021-09-10
6.5
None Remote Low ??? Partial Partial Partial
An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
10 CVE-2021-22129 120 Exec Code Overflow 2021-07-09 2021-07-12
6.5
None Remote Low ??? Partial Partial Partial
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
11 CVE-2020-29018 134 2021-01-14 2021-01-20
6.5
None Remote Low ??? Partial Partial Partial
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
12 CVE-2020-29014 362 Exec Code 2021-07-09 2021-07-12
6.3
None Remote Medium ??? None None Complete
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.
13 CVE-2020-29011 89 Exec Code Sql 2021-08-04 2021-08-10
6.5
None Remote Low ??? Partial Partial Partial
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
14 CVE-2020-12817 74 2020-09-24 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.
15 CVE-2020-9290 427 Exec Code 2020-03-15 2020-03-17
6.9
None Local Medium Not required Complete Complete Complete
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
16 CVE-2020-9287 427 Exec Code 2020-03-15 2020-03-17
6.9
None Local Medium Not required Complete Complete Complete
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
17 CVE-2020-6644 613 +Priv 2020-06-22 2020-06-29
6.8
None Remote Medium Not required Partial Partial Partial
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
18 CVE-2019-17654 345 2020-03-15 2020-03-19
6.8
None Remote Medium Not required Partial Partial Partial
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
19 CVE-2019-17653 352 CSRF 2020-03-12 2020-03-18
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.
20 CVE-2019-17652 787 Overflow 2020-02-06 2020-02-12
6.8
None Remote Low ??? None None Complete
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized.
21 CVE-2019-16155 2020-02-07 2020-08-24
6.6
None Local Low Not required None Complete Complete
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite.
22 CVE-2019-16152 20 DoS 2020-02-06 2020-02-12
6.8
None Remote Low ??? None None Complete
A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated.
23 CVE-2019-15712 2020-01-23 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for.
24 CVE-2018-13371 20 2020-04-02 2020-04-03
6.5
None Remote Low ??? Partial Partial Partial
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
25 CVE-2017-7337 732 CSRF 2017-05-27 2019-10-03
6.4
None Remote Low Not required Partial Partial None
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.
26 CVE-2016-8494 264 Exec Code 2017-02-09 2017-03-01
6.5
None Remote Low ??? Partial Partial Partial
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.
27 CVE-2016-4066 352 CSRF 2016-07-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors.
28 CVE-2015-2323 310 2015-08-11 2016-12-03
6.4
None Remote Low Not required Partial Partial None
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.
29 CVE-2015-1458 264 +Priv Bypass 2015-02-03 2017-09-08
6.9
None Local Medium Not required Complete Complete Complete
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.
30 CVE-2014-3115 352 CSRF 2014-05-08 2015-08-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.
31 CVE-2014-1957 264 +Priv 2014-04-30 2014-07-18
6.5
None Remote Low ??? Partial Partial Partial
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
32 CVE-2013-4604 264 2013-06-25 2013-06-26
6.5
None Remote Low ??? Partial Partial Partial
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.
Total number of vulnerabilities : 32   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.