Fortinet Fortios vulnerabilities

CVE-2022-42474 [LOW] CWE-23 CVE-2022-42474: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, ve A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem

CVE-2023-22640 [HIGH] CWE-787 CVE-2023-22640: A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, Fort

CVE-2022-43947 [HIGH] CWE-307 CVE-2022-43947: An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet For An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid l

CVE-2023-22641 [MEDIUM] CWE-601 CVE-2023-22641: A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2. A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy

CVE-2022-42469 [MEDIUM] CWE-183 CVE-2022-42469: A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, ve A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.

CVE-2022-41330 [MEDIUM] CWE-79 CVE-2022-41330: An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting' An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS att

CVE-2022-41328 [HIGH] CWE-22 CVE-2022-41328: A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE- A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

CVE-2022-42476 [HIGH] CWE-23 CVE-2022-42476: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7. A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

CVE-2022-41329 [MEDIUM] CWE-200 CVE-2022-41329: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet Fo An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests.

CVE-2022-45861 [MEDIUM] CWE-824 CVE-2022-45861: An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET req

CVE-2022-39948 [HIGH] CWE-295 CVE-2022-39948: An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 thr An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel be

CVE-2022-41335 [HIGH] CWE-23 CVE-2022-41335: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7. A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via craf

CVE-2021-43074 [MEDIUM] CWE-347 CVE-2021-43074: An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all vers An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7

CVE-2022-41334 [MEDIUM] CWE-79 CVE-2022-41334: An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS ver An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked.

CVE-2022-42472 [MEDIUM] CWE-113 CVE-2022-42472: A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow

CVE-2022-38378 [MEDIUM] CWE-269 CVE-2022-38378: An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and befor An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI

CVE-2022-29054 [LOW] CWE-329 CVE-2022-29054: A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.

CVE-2022-42475 [CRITICAL] CWE-197 CVE-2022-42475: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 t A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted req

CVE-2022-35843 [CRITICAL] CWE-284 CVE-2022-35843: An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login in

CVE-2022-40680 [MEDIUM] CWE-79 CVE-2022-40680: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.