Fortinet Fortimanager vulnerabilities

CVE-2022-27483 [HIGH] CWE-78 CVE-2022-27483: A improper neutralization of special elements used in an os command ('os command injection') in Fort A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose s

CVE-2022-26118 [MEDIUM] CWE-269 CVE-2022-26118: A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 t A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.

CVE-2021-26104 [HIGH] CWE-78 CVE-2021-26104: Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a loca

CVE-2022-22303 [MEDIUM] CWE-200 CVE-2022-22303: An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497 An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.

CVE-2022-22300 [HIGH] CWE-755 CVE-2022-22300: A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6. A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager versi

CVE-2021-42757 [MEDIUM] CWE-120 CVE-2021-42757: A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 thr A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

CVE-2021-36192 [LOW] CWE-200 CVE-2021-36192: An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManage An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS.

CVE-2021-26107 [MEDIUM] CVE-2021-26107: An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allo An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.

CVE-2021-36170 [LOW] CWE-522 CVE-2021-36170: An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0 An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.

CVE-2021-24016 [MEDIUM] CWE-1236 CVE-2021-24016: An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.

CVE-2021-24017 [MEDIUM] CWE-287 CVE-2021-24017: An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.

CVE-2021-24006 [HIGH] CVE-2021-24006: An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authen An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.

CVE-2021-32587 [MEDIUM] CVE-2021-32587: An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4. An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.

CVE-2021-32597 [MEDIUM] CWE-79 CVE-2021-32597: Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and Fo Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.

CVE-2021-32603 [MEDIUM] CWE-918 CVE-2021-32603: A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7 A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.

CVE-2021-32598 [MEDIUM] CWE-444 CVE-2021-32598: An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerabili An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remain

CVE-2021-24022 [MEDIUM] CWE-120 CVE-2021-24022: A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and For A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

CVE-2020-12811 [MEDIUM] CWE-79 CVE-2020-12811: An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6 An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.

CVE-2020-9289 [HIGH] CWE-798 CVE-2020-9289: Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

CVE-2019-17657 [HIGH] CWE-400 CVE-2019-17657: An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6 An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP