Fortinet FortiDDoS vulnerabilities

7 known vulnerabilities affecting fortinet/fortiddos.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 3

Vulnerabilities

CVE | Severity | CVSS | Affected versions | Date

CVE-2021-24008 | MEDIUM | CVSS 5.3 | ≥ 4.4.0, < 5.4.3; v5.4.0; +8 more | 2025-03-28
[MEDIUM] CWE-200: An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version
Sources: cvelistv5, nvd

CVE-2022-23439 | MEDIUM | CVSS 6.1 | ≥ 5.3.0, < 5.5.2; ≥ 5.5.0, ≤ 5.5.1; +8 more | 2025-01-22
[MEDIUM] CWE-610: An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver.
Sources: cvelistv5, nvd

CVE-2022-27486 | HIGH | CVSS 7.8 | ≥ 4.5.0, < 5.6.2; v5.7.0; +9 more | 2024-08-13
[MEDIUM] CWE-78: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to
Sources: cvelistv5, nvd

CVE-2022-40679 | HIGH | CVSS 7.8 | ≥ 4.0.0, < 5.7.0; ≥ 5.6.0, ≤ 5.6.1; +14 more | 2023-04-11
[HIGH] CWE-78: An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all ver
Sources: cvelistv5, nvd

CVE-2022-29060 | HIGH | CVSS 8.1 | v5.1.0; v5.2.0; +7 more | 2022-07-19
[HIGH] CWE-798: A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.
Sources: nvd

CVE-2021-36193 | HIGH | CVSS 7.2 | v5.7.0; ≥ 5.6.0, ≤ 5.6.1; +10 more | 2022-02-02
[MEDIUM] CWE-121: Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
Sources: cvelistv5, nvd

CVE-2021-42757 | MEDIUM | CVSS 6.7 | ≥ 5.5.0, ≤ 5.5.1; ≥ 5.4.0, ≤ 5.4.3; +8 more | 2021-12-08
[MEDIUM] CWE-120: A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
Sources: cvelistv5, nvd