Fortinet FortiOS
39 CVEs affecting Fortinet FortiOS. Latest disclosed: 2022-11-02. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-44171 | Critical | 9.0 | 2022-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version… |
| CVE-2021-26109 | High | 8.1 | 2021-12-08 | An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt cont… |
| CVE-2021-36173 | High | 8.0 | 2021-12-08 | A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6… |
| CVE-2021-26108 | High | 7.5 | 2021-12-08 | A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. |
| CVE-2021-41024 | High | 7.5 | 2021-12-08 | A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized at… |
| CVE-2022-27491 | Medium | 6.8 | 2022-09-06 | An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 throug… |
| CVE-2021-24012 | Medium | 6.5 | 2021-06-02 | An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any… |
| CVE-2017-14182 | Medium | 6.5 | 2017-10-27 | A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, vi… |
| CVE-2021-41032 | Medium | 6.3 | 2022-05-04 | An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricte… |
| CVE-2021-26103 | Medium | 6.3 | 2021-12-08 | An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy version 2.0.3 and below, 1.2.11 and below and For… |
| CVE-2017-7733 | Medium | 6.1 | 2017-10-27 | A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascrip… |
| CVE-2022-22306 | Medium | 5.4 | 2022-05-24 | An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a networ… |
| CVE-2021-32600 | Medium | 5.0 | 2021-11-17 | An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may… |
| CVE-2017-3128 | Medium | 4.8 | 2017-05-23 | A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label par… |
| CVE-2022-23438 | Medium | 4.7 | 2022-07-18 | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and… |
| CVE-2020-15937 | Medium | 4.7 | 2021-03-03 | An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored… |
| CVE-2021-43080 | Medium | 4.6 | 2022-09-06 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 thro… |
| CVE-2022-38380 | Medium | 4.3 | 2022-11-02 | An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to… |
| CVE-2022-23442 | Medium | 4.3 | 2022-08-03 | An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authentic… |
| CVE-2021-24018 | Medium | 4.3 | 2021-08-04 | A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potenti… |