CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fortinet : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-36186 787 Exec Code Overflow 2021-11-02 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests
2 CVE-2021-36183 863 2021-11-02 2021-11-04
7.2
None Local Low Not required Complete Complete Complete
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.
3 CVE-2021-26089 59 Exec Code 2021-07-12 2021-07-13
7.2
None Local Low Not required Complete Complete Complete
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
4 CVE-2021-24020 326 Bypass 2021-07-09 2021-07-12
7.5
None Remote Low Not required Partial Partial Partial
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.
5 CVE-2021-24019 613 +Priv 2021-10-06 2021-10-14
7.5
None Remote Low Not required Partial Partial Partial
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
6 CVE-2021-24012 295 2021-06-02 2021-06-14
7.5
None Remote Low Not required Partial Partial Partial
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
7 CVE-2021-24007 89 Exec Code Sql 2021-07-09 2021-07-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
8 CVE-2021-22124 400 DoS 2021-08-04 2021-08-12
7.8
None Remote Low Not required None None Complete
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters.
9 CVE-2020-29016 787 Exec Code Overflow 2021-01-14 2021-01-20
7.5
None Remote Low Not required Partial Partial Partial
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.
10 CVE-2020-29015 89 Exec Code Sql 2021-01-14 2021-01-20
7.5
None Remote Low Not required Partial Partial Partial
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
11 CVE-2020-12812 287 2020-07-24 2020-07-28
7.5
None Remote Low Not required Partial Partial Partial
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
12 CVE-2020-9294 287 2020-04-27 2020-05-04
7.5
None Remote Low Not required Partial Partial Partial
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
13 CVE-2020-9292 428 +Priv 2020-06-04 2020-06-09
7.5
None Remote Low Not required Partial Partial Partial
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.
14 CVE-2020-6649 613 +Priv 2021-02-08 2021-02-10
7.5
None Remote Low Not required Partial Partial Partial
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
15 CVE-2019-17658 428 +Priv 2020-03-12 2021-04-29
7.5
None Remote Low Not required Partial Partial Partial
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
16 CVE-2019-17650 78 Exec Code Bypass 2019-11-21 2020-01-22
7.2
None Local Low Not required Complete Complete Complete
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.
17 CVE-2019-16153 798 2020-01-23 2020-01-27
7.5
None Remote Low Not required Partial Partial Partial
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.
18 CVE-2019-15711 2020-02-06 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.
19 CVE-2019-15708 78 2020-03-15 2020-03-19
7.2
None Local Low Not required Complete Complete Complete
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
20 CVE-2018-1352 134 Exec Code 2019-02-08 2019-02-08
7.5
None Remote Low Not required Partial Partial Partial
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
21 CVE-2017-14187 269 Exec Code 2018-05-24 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
22 CVE-2017-7344 +Priv 2017-12-14 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.
23 CVE-2017-7342 20 Exec Code 2019-03-25 2019-03-26
7.5
None Remote Low Not required Partial Partial Partial
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
24 CVE-2017-7336 798 Exec Code 2017-07-22 2017-07-27
7.5
None Remote Low Not required Partial Partial Partial
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.
25 CVE-2015-7362 264 +Priv 2016-01-08 2016-12-03
7.2
None Local Low Not required Complete Complete Complete
Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program.
26 CVE-2015-5737 264 2015-09-03 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.
27 CVE-2015-5736 264 Exec Code 2015-09-03 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
28 CVE-2015-5735 264 2015-09-03 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.
29 CVE-2015-3613 269 2020-02-04 2020-02-05
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page
30 CVE-2015-2281 119 Exec Code Overflow 2015-03-19 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.
31 CVE-2015-1455 255 2015-02-03 2015-02-19
7.5
None Remote Low Not required Partial Partial Partial
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.
32 CVE-2015-1452 17 DoS 2015-02-02 2015-02-19
7.8
None Remote Low Not required None None Complete
The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages.
33 CVE-2014-2216 DoS Exec Code 2014-08-25 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.
34 CVE-2009-1262 134 Exec Code 2009-04-07 2018-10-10
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.
35 CVE-2008-7161 264 Bypass 2009-09-04 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058.
36 CVE-2008-0779 264 Exec Code 2008-02-14 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.
37 CVE-2005-4570 DoS 2005-12-29 2011-03-08
7.8
None Remote Low Not required None None Complete
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
38 CVE-2005-3058 264 Bypass 2005-12-31 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
39 CVE-2005-1837 +Priv 2005-06-01 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges.
Total number of vulnerabilities : 39   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.