~/products/fortinet/fortivoice

pipeline liveDigest Docs

Fortinet Fortivoice vulnerabilities

26 known vulnerabilities affecting fortinet/fortivoice.

Total CVEs

26

CISA KEV

1

actively exploited

Public exploits

1

Exploited in wild

0

Severity breakdown

CRITICAL4HIGH10MEDIUM12

Vulnerabilities

Page 2 of 2

CVE-2022-27488HIGHCVSS 8.8≥ 6.0.0, ≤ 6.0.11≥ 6.4.0, ≤ 6.4.72023-12-13

CVE-2022-27488 [HIGH] CWE-352 CVE-2022-27488: A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwit A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a re

CVE-2021-42755MEDIUMCVSS 4.3v5.3.0v5.3.1+39 more2022-07-18

CVE-2021-42755 [MEDIUM] CWE-190 CVE-2021-42755: An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and b An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcp

CVE-2021-36193HIGHCVSS 7.2≥ 6.4.0, ≤ 6.4.4≥ 6.0.0, ≤ 6.0.102022-02-02

CVE-2021-36193 [HIGH] CWE-121 CVE-2021-36193: Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may a Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

CVE-2020-15933MEDIUMCVSS 5.32022-01-05

CVE-2020-15933 [MEDIUM] CWE-200 A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail v... FG-IR-20-105: A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail v... A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain

CVE-2021-42757MEDIUMCVSS 6.7≥ 6.0.0, ≤ 6.0.10≥ 6.4.0, ≤ 6.4.42021-12-08

CVE-2021-42757 [MEDIUM] CWE-120 CVE-2021-42757: A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 thr A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

CVE-2020-9294CRITICALCVSS 9.8PoC≥ 6.0.0, ≤ 6.0.12020-04-27

CVE-2020-9294 [CRITICAL] CWE-287 CVE-2020-9294: An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoic An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

← Previous2 / 2