Fortinet Fortirecorder Firmware vulnerabilities

5 known vulnerabilities affecting fortinet/fortirecorder_firmware.

Total CVEs

5

CISA KEV

0

Public exploits

1

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2022-41333HIGHCVSS 7.5PoC≥ 6.0.0, ≤ 6.0.11≥ 6.4.0, ≤ 6.4.32023-03-07

CVE-2022-41333 [HIGH] CWE-400 CVE-2022-41333: An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and belo An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.

CVE-2022-22297MEDIUMCVSS 5.5≥ 2.7.0, ≤ 2.7.7≥ 6.0.0, ≤ 6.0.12+1 more2023-03-07

CVE-2022-22297 [MEDIUM] CWE-792 CVE-2022-22297: An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versi

CVE-2021-42755MEDIUMCVSS 4.3v6.0.0v6.0.1+12 more2022-07-18

CVE-2021-42755 [MEDIUM] CWE-190 CVE-2021-42755: An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and b An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcp

CVE-2021-42757MEDIUMCVSS 6.7≥ 2.6.0, ≤ 6.0.10≥ 6.4.0, ≤ 6.4.22021-12-08

CVE-2021-42757 [MEDIUM] CWE-120 CVE-2021-42757: A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 thr A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

CVE-2019-6698CRITICALCVSS 9.8fixed in 2.7.42019-08-23

CVE-2019-6698 [CRITICAL] CWE-798 CVE-2019-6698: Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an u Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.