Fortinet Fortios vulnerabilities

268 known vulnerabilities affecting fortinet/fortios.

Total CVEs: 268
CISA KEV: 18 (actively exploited)
Public exploits: 19
Exploited in wild: 13
Severity breakdown: CRITICAL 25, HIGH 84, MEDIUM 149, LOW 10

Vulnerabilities

Page 9 of 14
CVE-2022-26122 | HIGH | CVSS 8.6 | Affected: ≥ 6.0.0, ≤ 6.0.15; ≥ 6.2.0, ≤ 6.2.11; +3 more | 2022-11-02
CWE-345. An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.
Source: nvd
CVE-2022-35842 | HIGH | CVSS 7.5 | Affected: ≥ 6.4.0, ≤ 6.4.9; ≥ 7.0.0, ≤ 7.0.6; +1 more | 2022-11-02
CWE-200. An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.
Source: nvd
CVE-2022-30307 | HIGH | CVSS 8.1 | Affected: ≥ 6.4.0, < 6.4.10; ≥ 7.0.1, < 7.0.8; +1 more | 2022-11-02
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack.
Source: nvd
CVE-2022-38380 | MEDIUM | CVSS 4.3 | Affected: ≥ 7.0.0, ≤ 7.0.7; v7.2.0 | 2022-11-02
An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.
Source: nvd
CVE-2022-40684 | CRITICAL | CVSS 9.8 | KEV | PoC | Affected: ≥ 7.0.0, < 7.0.7; ≥ 7.2.0, < 7.2.2 | 2022-10-18
CWE-287. An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via speciall
Source: nvd
CVE-2022-29055 | HIGH | CVSS 7.5 | Affected: ≥ 6.2.0, < 6.2.11; ≥ 6.4.0, < 6.4.10; +2 more | 2022-10-18
CWE-824. An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
Source: nvd
CVE-2021-44171 | HIGH | CVSS 8.0 | Affected: ≥ 6.0.0, ≤ 6.0.14; ≥ 6.2.0, ≤ 6.2.10; +2 more | 2022-10-10
CWE-78. An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows an attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.
Source: nvd
CVE-2022-27491 | HIGH | CVSS 7.5 | Affected: ≥ 6.0.0, ≤ 6.0.14; ≥ 6.2.0, < 6.2.11; +3 more | 2022-09-06
An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially
Source: nvd
CVE-2021-43080 | MEDIUM | CVSS 5.4 | Affected: ≥ 6.4.0, < 6.4.10; ≥ 7.0.0, < 7.0.6; +1 more | 2022-09-06
CWE-79. An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric Exter
Source: nvd
CVE-2022-29053 | LOW | CVSS 3.3 | Affected: ≥ 6.0.0, ≤ 6.0.14; ≥ 6.2.0, ≤ 6.2.11; +3 more | 2022-09-06
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.
Source: nvd
CVE-2022-22299 | HIGH | CVSS 7.8 | Affected: ≥ 5.0.0, ≤ 5.0.14; ≥ 5.2.0, ≤ 5.2.15; +6 more | 2022-08-05
CWE-134. A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, For
Source: nvd
CVE-2022-23442 | MEDIUM | CVSS 4.3 | Affected: ≥ 6.2.0, ≤ 6.2.11; ≥ 6.4.0, ≤ 6.4.8; +1 more | 2022-08-03
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.
Source: nvd
CVE-2022-23438 | MEDIUM | CVSS 6.1 | Affected: ≤ 6.4.9; ≥ 7.0.0, ≤ 7.0.5 | 2022-07-18
CWE-79. An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.
Source: nvd
CVE-2021-44170 | MEDIUM | CVSS 6.7 | Affected: ≥ 6.0.0, ≤ 6.0.14; ≥ 6.2.0, < 6.2.11; +2 more | 2022-07-18
CWE-787. A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
Source: nvd
CVE-2021-42755 | MEDIUM | CVSS 4.3 | Affected: v5.4.0; v5.4.1; +64 more | 2022-07-18
CWE-190. An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcp
Source: nvd
CVE-2022-22306 | MEDIUM | CVSS 5.3 | Affected: ≥ 6.0.0, ≤ 6.0.14; ≥ 6.2.0, ≤ 6.2.10; +2 more | 2022-05-24
CWE-295. An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
Source: nvd
CVE-2021-43081 | MEDIUM | CVSS 6.1 | Affected: ≥ 6.0.0, ≤ 6.0.14; ≥ 6.2.0, ≤ 6.2.10; +2 more | 2022-05-11
CWE-79. An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0, and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
Source: nvd
CVE-2021-43206 | MEDIUM | CVSS 4.3 | Affected: ≥ 5.6.0, < 6.0.14; ≥ 6.2.0, < 6.2.10; +2 more | 2022-05-04
CWE-209. A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
Source: nvd
CVE-2021-41032 | MEDIUM | CVSS 5.4 | Affected: ≥ 6.2.0, < 6.4.9; ≥ 7.0.0, < 7.0.4 | 2022-05-04
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
Source: nvd
CVE-2020-15936 | MEDIUM | CVSS 4.5 | Affected: ≥ 5.6.0, ≤ 5.6.13; ≥ 6.0.0, ≤ 6.0.11; +2 more | 2022-03-01
CWE-20. An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows an attacker to disclose sensitive information via SNI Client Hello TLS packets.
Source: nvd