Fortinet FortiDeceptor vulnerabilities

10 known vulnerabilities affecting fortinet/fortideceptor.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 5

Vulnerabilities

CVE-2026-25689 | MEDIUM | CVSS 6.5 | Affected: ≥ 4.0.0, ≤ 6.0.3; v6.2.0; +8 more | Published 2026-03-10
CWE-88. An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versio…
Sources: cvelistv5, nvd
CVE-2024-35280 | MEDIUM | CVSS 6.1 | Affected: ≥ 3.0.0, < 5.2.1; v5.3.0; +11 more | Published 2025-01-15
CWE-79. An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, Forti…
Sources: cvelistv5, nvd
CVE-2024-45326 | MEDIUM | CVSS 4.3 | Affected: ≥ 5.0.0, < 6.0.1; v6.0.0; +4 more | Published 2025-01-14
CWE-284. An improper access control vulnerability [CWE-284] in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with no privileges to perform operations on the central management appliance via crafted…
Sources: cvelistv5, nvd
CVE-2022-27487 | HIGH | CVSS 8.8 | Affected: ≥ 1.0, < 3.3.3; ≥ 4.0.0, ≤ 4.0.2; +9 more | Published 2023-04-11
CWE-269. An improper privilege management vulnerability in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3, and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.
Sources: cvelistv5, nvd
CVE-2023-26209 | MEDIUM | CVSS 5.3 (the record description rates it LOW) | Affected: ≥ 1.0.0, < 3.2.0; ≥ 3.1.0, ≤ 3.1.1; +5 more | Published 2023-03-09
CWE-307. An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.
Sources: cvelistv5, nvd
CVE-2022-30305 | HIGH | CVSS 7.5 (the record description rates it LOW) | Affected: ≥ 3.0.0, ≤ 3.0.2; ≥ 3.2.0, ≤ 3.2.2; +9 more | Published 2022-12-06
CWE-778. An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5, and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials…
Sources: cvelistv5, nvd
CVE-2022-38373 | MEDIUM | CVSS 5.4 (the record description rates it HIGH) | Affected: v4.0.2; v4.1.0; +2 more | Published 2022-11-02
CWE-79. An improper neutralization of input during web page generation vulnerability [CWE-79] in the FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross-site scripting (XSS) attack by sending requests with a specially crafted lure resource ID.
Sources: nvd
CVE-2022-30302 | HIGH | CVSS 8.1 (the record description rates it MEDIUM) | Affected: ≥ 1.0.0, ≤ 3.2.2; ≥ 3.3.0, ≤ 3.3.2; +2 more | Published 2022-07-19
CWE-22 (the description cites the child weakness CWE-23, relative path traversal). Multiple relative path traversal vulnerabilities [CWE-23] in the FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.
Sources: nvd
CVE-2020-29017 | HIGH | CVSS 8.8 | Affected: v3.0.0; v3.0.1; +1 more | Published 2021-01-14
CWE-78. An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.
Sources: nvd
CVE-2020-6644 | HIGH | CVSS 8.1 | Affected: ≤ 3.0.0 | Published 2020-06-22
CWE-613. An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
Sources: nvd
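The practical question behind a listing like this is "which of these apply to the build I am running?". The script below is an added example, not part of this listing and not Fortinet code. It transcribes the affected ranges exactly as the CVE descriptions above phrase them ("4.0.0 through 4.0.2", "5.3 all versions", "before 3.3.3", "3.0.0 and below") and matches a FortiDeceptor version against them. Two assumptions are built in: versions are plain major.minor[.patch] strings, and 1.0.0 (the lowest version the page mentions) is the floor for "before" ranges. Where the page shows a truncated description (CVE-2026-25689, CVE-2024-35280, whose "+N more" ranges are not displayed), the entry is flagged partial, so a non-match is reported as "unknown" rather than as "not listed"; treating missing data as "fixed" is the mistake this check is meant to avoid.

```python
"""Match a FortiDeceptor build against the version data on this page.

Added example, not part of the original listing and not Fortinet code.  Ranges
are transcribed from the CVE descriptions printed above.  Entries whose
description is truncated on the page are marked partial, so a non-match is
reported as "unknown" rather than "not listed".  Versions are assumed to be
plain major.minor[.patch] strings; anything else is rejected, not guessed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

Version = tuple[int, int, int]
Range = tuple[Version, Version]  # half-open: lo <= v < hi


def parse_version(text: str) -> Version:
    """Parse 'v6.0.3', '6.0.3' or '5.3' (a missing patch level means 0)."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised FortiDeceptor version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def exact(v: str) -> Range:
    """A single release, e.g. '4.2.0'."""
    lo = parse_version(v)
    return (lo, (lo[0], lo[1], lo[2] + 1))


def through(lo: str, hi: str) -> Range:
    """Inclusive 'X through Y', as the descriptions phrase it."""
    a, b = parse_version(lo), parse_version(hi)
    return (a, (b[0], b[1], b[2] + 1))


def branch(mm: str) -> Range:
    """'5.3 all versions' -> every 5.3.x release."""
    lo = parse_version(mm)
    return (lo, (lo[0], lo[1] + 1, 0))


def before(v: str) -> Range:
    """'before 3.3.3' -> from 1.0.0 (assumed floor, lowest version on the page) up to, excluding, v."""
    return (parse_version("1.0.0"), parse_version(v))


@dataclass(frozen=True)
class Advisory:
    cve: str
    weakness: str
    ranges: tuple[Range, ...]
    partial: bool = False  # True when the page shows a truncated description


ADVISORIES: tuple[Advisory, ...] = (
    Advisory("CVE-2026-25689", "CWE-88 argument injection",
             (exact("6.2.0"), branch("6.0"), branch("5.3"), branch("5.2"),
              branch("5.1"), branch("5.0"), branch("4.3"), branch("4.2")), partial=True),
    Advisory("CVE-2024-35280", "CWE-79 cross-site scripting",
             (exact("5.3.0"), exact("5.2.0"), branch("5.1"), branch("5.0"),
              branch("4.3"), branch("4.2"), branch("4.1"), branch("4.0")), partial=True),
    Advisory("CVE-2024-45326", "CWE-284 improper access control",
             (exact("6.0.0"), branch("5.3"), branch("5.2"), branch("5.1"), branch("5.0"))),
    Advisory("CVE-2022-27487", "CWE-269 improper privilege management",
             (exact("4.1.0"), through("4.0.0", "4.0.2"), before("3.3.3"))),
    Advisory("CVE-2023-26209", "CWE-307 excessive authentication attempts",
             (before("3.2.0"),)),  # "3.1.x and before"
    Advisory("CVE-2022-30305", "CWE-778 insufficient logging",
             (exact("4.2.0"), through("4.1.0", "4.1.1"), through("4.0.0", "4.0.2"),
              through("3.3.0", "3.3.3"), through("3.2.0", "3.2.2"),
              through("3.1.0", "3.1.1"), through("3.0.0", "3.0.2"))),
    Advisory("CVE-2022-38373", "CWE-79 cross-site scripting via lure resource ID",
             (exact("4.2.0"), through("4.1.0", "4.1.1"), exact("4.0.2"))),
    Advisory("CVE-2022-30302", "CWE-23 relative path traversal",
             (before("3.3.0"), through("3.3.0", "3.3.2"),  # "1.0.0 through 3.2.x"
              through("4.0.0", "4.0.1"))),
    Advisory("CVE-2020-29017", "CWE-78 OS command injection",
             (exact("3.1.0"), exact("3.0.1"), exact("3.0.0"))),
    Advisory("CVE-2020-6644", "CWE-613 insufficient session expiration",
             (before("3.0.1"),)),  # "3.0.0 and below"
)


def status(version: str, adv: Advisory) -> str:
    """'affected', 'not listed', or 'unknown' when the page's ranges are incomplete."""
    v = parse_version(version)
    if any(lo <= v < hi for lo, hi in adv.ranges):
        return "affected"
    return "unknown (page data truncated)" if adv.partial else "not listed"


def check(version: str) -> dict[str, str]:
    """Status of every CVE on the page for one build, in page order."""
    return {a.cve: status(version, a) for a in ADVISORIES}


def open_cves(version: str) -> list[str]:
    """CVEs the page's own ranges say definitely apply to `version`."""
    return [cve for cve, s in check(version).items() if s == "affected"]


if __name__ == "__main__":
    for build in ("3.0.1", "4.1.1", "6.0.3"):
        print(build, {c: s for c, s in check(build).items() if s != "not listed"})
```

Note that the summary rows and the descriptions do not always agree (the row for CVE-2024-45326 gives "≥ 5.0.0, < 6.0.1" while the description lists 6.0.0 and the 5.x branches); the script follows the descriptions because they are the fuller statement, and a "+N more" in a row is what earns an entry its partial flag.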