Fortinet

Fortitester

15 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-23439

  • EPSS 0.06%
  • Published 22.01.2025 10:15:07
  • Last modified 12.02.2025 13:39:42

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before v...

7.8

CVE-2023-40716

  • EPSS 0.07%
  • Published 13.12.2023 07:15:14
  • Last modified 21.11.2024 08:20:01

An improper neutralization of special elements used in an OS command vulnerability [CWE-78]  in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically craf...

7.8

CVE-2023-36642

  • EPSS 0.1%
  • Published 13.09.2023 13:15:09
  • Last modified 21.11.2024 08:10:09

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted a...

5.5

CVE-2023-40715

  • EPSS 0.06%
  • Published 13.09.2023 13:15:09
  • Last modified 21.11.2024 08:20:01

A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.

7.8

CVE-2023-40717

  • EPSS 0.07%
  • Published 13.09.2023 13:15:09
  • Last modified 21.11.2024 08:20:01

A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.

8.8

CVE-2022-35845

  • EPSS 1.03%
  • Published 03.01.2023 17:15:10
  • Last modified 21.11.2024 07:11:48

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execu...

7.8

CVE-2022-33870

  • EPSS 0.26%
  • Published 02.11.2022 12:15:53
  • Last modified 21.11.2024 07:08:29

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute un...

6.7

CVE-2022-38372

  • EPSS 0.05%
  • Published 02.11.2022 12:15:53
  • Last modified 21.11.2024 07:16:20

A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.

9.8

CVE-2022-33872

  • EPSS 1.6%
  • Published 18.10.2022 15:15:09
  • Last modified 21.11.2024 07:08:29

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticate...

9.8

CVE-2022-33873

  • EPSS 2.24%
  • Published 18.10.2022 15:15:09
  • Last modified 21.11.2024 07:08:30

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticat...