CVE-2023-37935
- EPSS 0.19%
- Published 10.10.2023 17:15:12
- Last modified 21.11.2024 08:12:30
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read t...
CVE-2023-41675
- EPSS 0.4%
- Published 10.10.2023 17:15:12
- Last modified 21.11.2024 08:21:27
A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD ...
CVE-2023-41841
- EPSS 0.19%
- Published 10.10.2023 17:15:12
- Last modified 21.11.2024 08:21:46
An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.
CVE-2023-33301
- EPSS 0.13%
- Published 10.10.2023 17:15:11
- Last modified 21.11.2024 08:05:22
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.
CVE-2023-29183
- EPSS 0.59%
- Published 13.09.2023 13:15:08
- Last modified 21.11.2024 07:56:40
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 ...
CVE-2022-22305
- EPSS 0.05%
- Published 01.09.2023 12:15:08
- Last modified 21.11.2024 06:46:36
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and...
CVE-2023-29182
- EPSS 0.04%
- Published 17.08.2023 10:15:09
- Last modified 21.11.2024 07:56:40
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.
CVE-2023-33308
- EPSS 5.93%
- Published 26.07.2023 15:15:10
- Last modified 21.11.2024 08:05:23
A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary c...
CVE-2021-43072
- EPSS 0.05%
- Published 18.07.2023 03:15:54
- Last modified 21.11.2024 06:28:38
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0...
CVE-2023-28001
- EPSS 0.08%
- Published 11.07.2023 17:15:12
- Last modified 21.11.2024 07:53:54
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.