Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-12812
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Fortinet Fortios
Fortinet Fortios 6.4.0
1 Github repository
2 Articles
6.6
CVSSv2
CVE-2021-36169
A Hidden Functionality in Fortinet FortiOS 7.x prior to 7.0.1, FortiOS 6.4.x prior to 6.4.7 allows malicious user to Execute unauthorized code or commands via specific hex read/write operations.
Fortinet Fortios 7.0.0
Fortinet Fortios
2.1
CVSSv2
CVE-2021-32600
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 up to and including 6.4.6, 6.2.0 up to and including 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs informa...
Fortinet Fortios 7.0.0
Fortinet Fortios
5
CVSSv2
CVE-2021-26108
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS prior to 7.0.1 may allow an malicious user to retrieve the key by reverse engineering.
Fortinet Fortios
Fortinet Fortios 7.0.0
7.5
CVSSv2
CVE-2021-26109
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS prior to 7.0.1 may allow an unauthenticated malicious user to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code executi...
Fortinet Fortios
Fortinet Fortios 7.0.0
NA
CVE-2021-43080
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 up to and including 6.4.9, version 7.0.0 up to and including 7.0.5 may allow an authenticated malicious user to perform a stored cross site scripting (XSS...
Fortinet Fortios 7.2.0
Fortinet Fortios
5.8
CVSSv2
CVE-2021-24018
A buffer underwrite vulnerability in the firmware verification routine of FortiOS prior to 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
Fortinet Fortios 7.0.0
Fortinet Fortios
4
CVSSv2
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' pas...
Fortinet Fortios
Fortinet Fortios 6.2.0
3 Github repositories
2.9
CVSSv2
CVE-2022-22306
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 up to and including 6.0.14, 6.2.0 up to and including 6.2.10, 6.4.0 up to and including 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated malicious user to man-in-the-middle the communication ...
Fortinet Fortios 7.0.0
Fortinet Fortios
NA
CVE-2022-38380
An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 up to and including 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.
Fortinet Fortios 7.2.0
Fortinet Fortios
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »