Filtered by vendor Fortinet
Subscribe
Total
752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33874 | 1 Fortinet | 1 Fortitester | 2024-11-21 | N/A | 9.8 CRITICAL |
| An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. | |||||
| CVE-2022-33873 | 1 Fortinet | 1 Fortitester | 2024-11-21 | N/A | 6.8 MEDIUM |
| An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell. | |||||
| CVE-2022-33872 | 1 Fortinet | 1 Fortitester | 2024-11-21 | N/A | 9.8 CRITICAL |
| An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. | |||||
| CVE-2022-33871 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 6.6 MEDIUM |
| A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations. | |||||
| CVE-2022-33870 | 1 Fortinet | 1 Fortitester | 2024-11-21 | N/A | 7.8 HIGH |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2022-33869 | 1 Fortinet | 1 Fortiwan | 2024-11-21 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2022-30307 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 3.9 LOW |
| A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. | |||||
| CVE-2022-30306 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 6.6 MEDIUM |
| A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password. | |||||
| CVE-2022-30305 | 1 Fortinet | 2 Fortideceptor, Fortisandbox | 2024-11-21 | N/A | 3.7 LOW |
| An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. | |||||
| CVE-2022-30304 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | N/A | 4.3 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. | |||||
| CVE-2022-30303 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests. | |||||
| CVE-2022-30302 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | N/A | 6.5 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests. | |||||
| CVE-2022-30301 | 1 Fortinet | 1 Fortiap-u | 2024-11-21 | N/A | 7.8 HIGH |
| A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands. | |||||
| CVE-2022-30300 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 6.5 MEDIUM |
| A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. | |||||
| CVE-2022-30299 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 5.3 MEDIUM |
| A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. | |||||
| CVE-2022-30298 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 7.0 HIGH |
| An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root. | |||||
| CVE-2022-29062 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 6.3 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. | |||||
| CVE-2022-29061 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 7.2 HIGH |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. | |||||
| CVE-2022-29060 | 1 Fortinet | 1 Fortiddos | 2024-11-21 | N/A | 8.1 HIGH |
| A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device. | |||||
| CVE-2022-29058 | 1 Fortinet | 4 Fortiap, Fortiap-s, Fortiap-u and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||