Fortinet Fortios vulnerabilities

CVE-2022-35842 [LOW] CWE-200 CVE-2022-35842: An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.

CVE-2022-30307 [LOW] CVE-2022-30307: A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and b A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack.

CVE-2022-38380 [MEDIUM] CVE-2022-38380: An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 throu An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.

CVE-2021-44171 [CRITICAL] CWE-78 CVE-2021-44171: A improper neutralization of special elements used in an os command ('os command injection') in Fort A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI comman

CVE-2022-27491 [MEDIUM] CVE-2022-27491: A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine ver A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potential

CVE-2021-43080 [MEDIUM] CWE-79 CVE-2021-43080: An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS ver An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric Exter

CVE-2022-29053 [LOW] CVE-2022-29053: A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.

CVE-2022-23442 [MEDIUM] CVE-2022-23442: An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 t An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.

CVE-2022-23438 [MEDIUM] CWE-79 CVE-2022-23438: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vul An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.

CVE-2022-22306 [MEDIUM] CWE-295 CVE-2022-22306: An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 th An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.

CVE-2021-41032 [MEDIUM] CVE-2021-41032: An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.

CVE-2020-15936 [LOW] CWE-20 CVE-2020-15936: A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.

CVE-2021-44168 [LOW] CWE-494 CVE-2021-44168: A download of code without integrity check vulnerability in the "execute restore src-vis" command of A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.

CVE-2021-36169 [MEDIUM] CVE-2021-36169: A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attac A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations.

CVE-2021-26109 [HIGH] CWE-190 CVE-2021-26109: An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.

CVE-2021-41024 [HIGH] CWE-22 CVE-2021-41024: A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.

CVE-2021-36173 [HIGH] CWE-787 CVE-2021-36173: A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0 A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.

CVE-2021-26103 [MEDIUM] CWE-345 CVE-2021-26103: An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of F An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in we

CVE-2021-26108 [HIGH] CWE-798 CVE-2021-26108: A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.

CVE-2021-32600 [MEDIUM] CWE-200 CVE-2021-32600: An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6. An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list.