Fortinet Fortimanager vulnerabilities

7 known vulnerabilities affecting fortinet/fortinet_fortimanager.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4, LOW 1

Vulnerabilities

CVE-2022-22303
Severity: MEDIUM (CVSS 5.5)
Affected versions: FortiManager 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Published: 2022-03-02
Description [LOW, CWE-200]: An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.
Sources: cvelistv5, nvd

CVE-2021-36192
Severity: LOW (CVSS 3.8)
Affected versions: FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0
Published: 2021-11-03
Description [MEDIUM, CWE-200]: An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS.
Sources: cvelistv5, nvd

CVE-2021-26107
Severity: MEDIUM (CVSS 4.3)
Affected versions: FortiManager 6.4.5, 6.4.4
Published: 2021-11-02
Description [MEDIUM]: An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
Sources: cvelistv5, nvd

CVE-2021-24017
Severity: MEDIUM (CVSS 4.3)
Affected versions: FortiManager 6.4.3, 6.2.6
Published: 2021-09-30
Description [MEDIUM, CWE-287]: An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
Sources: cvelistv5, nvd

CVE-2021-24016
Severity: MEDIUM (CVSS 6.3)
Affected versions: FortiManager 6.4.3, 6.2.7
Published: 2021-09-30
Description [LOW, CWE-1236]: An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.
Sources: cvelistv5, nvd

CVE-2021-24006
Severity: HIGH (CVSS 8.8)
Affected versions: FortiManager 6.4.0 to 6.4.3
Published: 2021-09-06
Description [MEDIUM]: An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
Sources: cvelistv5, nvd

CVE-2019-17654
Severity: HIGH (CVSS 8.8)
Affected versions: 6.2.1, 6.2.0, +1 more
Published: 2020-03-15
Description [HIGH, CWE-345]: An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
Sources: cvelistv5, nvd