Fortinet Fortios vulnerabilities

CVE-2021-26092 [MEDIUM] CWE-79 CVE-2021-26092: Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by

CVE-2021-44168 [HIGH] CWE-494 CVE-2021-44168: A download of code without integrity check vulnerability in the "execute restore src-vis" command of A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.

CVE-2021-36169 [MEDIUM] CVE-2021-36169: A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attac A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations.

CVE-2021-26109 [CRITICAL] CWE-190 CVE-2021-26109: An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.

CVE-2021-41024 [HIGH] CWE-22 CVE-2021-41024: A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.

CVE-2021-36173 [HIGH] CWE-787 CVE-2021-36173: A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0 A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.

CVE-2021-26103 [HIGH] CWE-345 CVE-2021-26103: An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of F An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web

CVE-2021-26110 [HIGH] CVE-2021-26110: An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6 An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script

CVE-2021-26108 [HIGH] CWE-798 CVE-2021-26108: A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.

CVE-2021-42757 [MEDIUM] CWE-120 CVE-2021-42757: A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 thr A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

CVE-2021-32600 [LOW] CWE-200 CVE-2021-32600: An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6. An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list.

CVE-2021-41019 [MEDIUM] CWE-295 CVE-2021-41019: An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.

CVE-2021-24018 [HIGH] CWE-787 CVE-2021-24018: A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may a A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.

CVE-2021-24012 [HIGH] CWE-295 CVE-2021-24012: An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.

CVE-2019-17656 [MEDIUM] CWE-787 CVE-2019-17656: A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 a A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulne

CVE-2020-15938 [HIGH] CVE-2020-15938: When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6. When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.

CVE-2020-15937 [MEDIUM] CWE-79 CVE-2020-15937: An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x b An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.

CVE-2020-6648 [MEDIUM] CWE-312 CVE-2020-6648: A cleartext storage of sensitive information vulnerability in FortiOS command line interface in vers A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.

CVE-2020-12818 [MEDIUM] CVE-2020-12818: An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauth An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.

CVE-2019-5591 [MEDIUM] CWE-306 CVE-2019-5591: A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same s A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.