fortinet vulnerabilities and exploits
5.3
CVSSv3
CVE-2021-32591
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox prior to 4.0.1, FortiWeb prior to 6.3.12, FortiADC prior to 6.2.1, FortiMail 7.0.1 and previous versions may allow an attacker in possession of the pa...
Fortinet Fortimail
Fortinet Fortisandbox
Fortinet Fortiadc
Fortinet Fortiweb 5.9.0
Fortinet Fortiweb 5.9.1
Fortinet Fortiweb
Fortinet Fortimail 7.0.1
Fortinet Fortiadc 6.2.0
Fortinet Fortisandbox 4.0.0
Fortinet Fortiadc 6.2.1
Fortinet Fortimail 7.0.0
7.5
CVSSv3
CVE-2022-43949
A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM prior to 6.7.1 allows a remote unauthenticated malicious user to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.
Fortinet Fortisiem 6.4.1
Fortinet Fortisiem 6.4.0
Fortinet Fortisiem
Fortinet Fortisiem 6.2.1
Fortinet Fortisiem 6.2.0
Fortinet Fortisiem 5.4.0
Fortinet Fortisiem 6.7.0
Fortinet Fortisiem 6.5.0
Fortinet Fortisiem 6.5.1
Fortinet Fortisiem 6.4.2
Fortinet Fortisiem 6.1.0
Fortinet Fortisiem 6.1.1
Fortinet Fortisiem 6.1.2
Fortinet Fortisiem 6.7.1
8.8
CVSSv3
CVE-2021-42758
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.
Fortinet Fortiwlc 8.0.5
Fortinet Fortiwlc 8.0.6
Fortinet Fortiwlc 8.1.2
Fortinet Fortiwlc 8.1.3
Fortinet Fortiwlc
Fortinet Fortiwlc 8.4.8
Fortinet Fortiwlc 8.4.7
Fortinet Fortiwlc 8.4.6
Fortinet Fortiwlc 8.4.5
Fortinet Fortiwlc 8.6.1
Fortinet Fortiwlc 8.6.0
Fortinet Fortiwlc 8.4.0
Fortinet Fortiwlc 8.4.1
Fortinet Fortiwlc 8.4.2
Fortinet Fortiwlc 8.4.4
NA
CVE-2015-2323
FortiOS 5.0.x prior to 5.0.12 and 5.2.x prior to 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle malicious users to spoof TLS content by modifying packets.
Fortinet Fortios 5.0.9
Fortinet Fortios 5.0.10
Fortinet Fortios 5.2.1
Fortinet Fortios 5.0.5
Fortinet Fortios 5.0.1
Fortinet Fortios 5.0.2
Fortinet Fortios 5.0.7
Fortinet Fortios 5.0.4
Fortinet Fortios 5.0.11
Fortinet Fortios 5.0.8
Fortinet Fortios 5.2.3
Fortinet Fortios 5.2.0
Fortinet Fortios 5.2.2
Fortinet Fortios 5.0.0
Fortinet Fortios 5.0.3
Fortinet Fortios 5.0.6
8.8
CVSSv3
CVE-2022-27488
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 up to and including 7.0.4, 6.4.0 up to and including 6.4.10, 6.2.0 up to and including 6.2.7, 6.0.x, FortiMail version 7.0.0 up to and including 7.0.3, 6.4.0 up to...
Fortinet Fortiswitch
Fortinet Fortimail
Fortinet Fortirecorder
Fortinet Fortiai 1.5.3
Fortinet Fortiai 1.1.0
Fortinet Fortindr 7.1.0
Fortinet Fortindr
Fortinet Fortivoice
8.8
CVSSv3
CVE-2022-33869
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 up to and including 4.5.9 may allow an authenticated malicious user to execute unauthorized commands via specifically crafted arguments to exi...
Fortinet Fortiwan 4.4.1
Fortinet Fortiwan 4.4.0
Fortinet Fortiwan 4.3.1
Fortinet Fortiwan 4.3.0
Fortinet Fortiwan 4.2.7
Fortinet Fortiwan 4.2.6
Fortinet Fortiwan 4.2.5
Fortinet Fortiwan 4.2.2
Fortinet Fortiwan 4.2.1
Fortinet Fortiwan 4.1.3
Fortinet Fortiwan 4.1.2
Fortinet Fortiwan 4.1.1
Fortinet Fortiwan
NA
CVE-2015-3293
FortiMail 5.0.3 up to and including 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command.
Fortinet Fortimail 5.2.3
Fortinet Fortimail 5.1.3
Fortinet Fortimail 5.2
Fortinet Fortimail 5.2.2
Fortinet Fortimail 5.0.7
Fortinet Fortimail 5.1.2
Fortinet Fortimail 5.1.1
Fortinet Fortimail 5.0.5
Fortinet Fortimail 5.1
Fortinet Fortimail 5.2.1
Fortinet Fortimail 5.0.3
Fortinet Fortimail 5.1.4
Fortinet Fortimail 5.0.6
Fortinet Fortimail 5.0.4
7.5
CVSSv3
CVE-2022-30305
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 up to and including 4.1.1, 4.0.0 up to and including 4.0.2, 3.3.0 up to and including 3.3.3, 3.2.0 up to and includin...
Fortinet Fortideceptor 3.1.0
Fortinet Fortisandbox 3.2.2
Fortinet Fortisandbox 3.2.0
Fortinet Fortisandbox 3.2.1
Fortinet Fortideceptor 3.1.1
Fortinet Fortideceptor 4.1.0
Fortinet Fortideceptor 4.1.1
Fortinet Fortideceptor 4.2.0
Fortinet Fortideceptor
Fortinet Fortisandbox
Fortinet Fortisandbox 3.2.3
9.8
CVSSv3
CVE-2023-26204
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB con...
Fortinet Fortisiem 6.4.1
Fortinet Fortisiem 6.4.0
Fortinet Fortisiem
Fortinet Fortisiem 6.2.1
Fortinet Fortisiem 6.2.0
Fortinet Fortisiem 5.4.0
Fortinet Fortisiem 6.5.0
Fortinet Fortisiem 6.5.1
Fortinet Fortisiem 6.4.2
Fortinet Fortisiem 6.1.0
Fortinet Fortisiem 6.1.1
Fortinet Fortisiem 6.1.2
7.8
CVSSv3
CVE-2022-22298
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 up to and including 1.2.2, FortiIsolator version 2.0.0 up to and including 2.0....
Fortinet Fortiisolator 2.1.0
Fortinet Fortiisolator 2.1.1
Fortinet Fortiisolator 2.1.2
Fortinet Fortiisolator 2.2.0
Fortinet Fortiisolator
Fortinet Fortiisolator 2.0.0
Fortinet Fortiisolator 2.0.1
Fortinet Fortiisolator 1.0.0
Fortinet Fortiisolator 1.2.0
Fortinet Fortiisolator 1.2.1
Fortinet Fortiisolator 1.2.2
Fortinet Fortiisolator 1.1.0