Search
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42788 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-01-12 | N/A | 6.7 MEDIUM |
| An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command | |||||
| CVE-2023-42787 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-21 | N/A | 6.5 MEDIUM |
| A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | |||||
| CVE-2023-44249 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-21 | N/A | 6.5 MEDIUM |
| An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | |||||
| CVE-2023-40719 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-11-21 | N/A | 5.5 MEDIUM |
| A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | |||||
| CVE-2022-27490 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortiportal and 1 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | |||||
| CVE-2021-42757 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | |||||
| CVE-2021-43072 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2023-07-27 | N/A | 6.7 MEDIUM |
| A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol. | |||||
| CVE-2022-26118 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-07-25 | N/A | 6.7 MEDIUM |
| A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. | |||||
| CVE-2021-26107 | 1 Fortinet | 1 Fortimanager | 2021-11-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager. | |||||
| CVE-2021-24016 | 1 Fortinet | 1 Fortimanager | 2021-10-08 | 9.3 HIGH | 6.3 MEDIUM |
| An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. | |||||
| CVE-2021-24017 | 1 Fortinet | 1 Fortimanager | 2021-10-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. | |||||
| CVE-2021-32587 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-09-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. | |||||
| CVE-2021-32597 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-08-13 | 3.5 LOW | 5.4 MEDIUM |
| Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. | |||||
| CVE-2021-32603 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests. | |||||
| CVE-2021-32598 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | |||||
| CVE-2021-24022 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-07-29 | 2.1 LOW | 4.4 MEDIUM |
| A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value. | |||||
| CVE-2020-12811 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2020-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. | |||||
| CVE-2015-3612 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. | |||||
| CVE-2018-1351 | 1 Fortinet | 1 Fortimanager | 2020-01-22 | 3.5 LOW | 4.8 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. | |||||
| CVE-2018-1354 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | |||||
| CVE-2018-13375 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). | |||||
| CVE-2018-1355 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. | |||||
| CVE-2018-1353 | 1 Fortinet | 1 Fortimanager | 2018-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. | |||||
| CVE-2015-7363 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Firmware, Fortimanager and 1 more | 2017-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. | |||||