Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
2.9
CVSSv2
CVE-2022-22306
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 up to and including 6.0.14, 6.2.0 up to and including 6.2.10, 6.4.0 up to and including 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated malicious user to man-in-the-middle the communication ...
Fortinet Fortios 7.0.0
Fortinet Fortios
2.1
CVSSv2
CVE-2019-5593
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below o...
Fortinet Fortios
Fortinet Fortios 6.2.0
NA
CVE-2022-38380
An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 up to and including 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.
Fortinet Fortios 7.2.0
Fortinet Fortios
NA
CVE-2022-35842
An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 up to and including 7.0.6 and versions 6.4.0 up to and including 6.4.9 may allow a remote unauthenticated malicious user to gain information abo...
Fortinet Fortios 7.2.0
Fortinet Fortios
NA
CVE-2023-37935
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an malicious user to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those...
Fortinet Fortios
Fortinet Fortios 7.4.0
4
CVSSv2
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' pas...
Fortinet Fortios
Fortinet Fortios 6.2.0
3 Github repositories
NA
CVE-2022-27491
A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 up to and including 7.214, 7.001 up to and including 7.113, 6.001 up to and including 6.121, 5.001 up to and including 5.258 and prior to 4.086 allows a remote and unaut...
Fortinet Fortios
Fortinet Fortios 7.2.0
NA
CVE-2023-42789
A out-of-bounds write in Fortinet FortiOS 7.4.0 up to and including 7.4.1, 7.2.0 up to and including 7.2.5, 7.0.0 up to and including 7.0.12, 6.4.0 up to and including 6.4.14, 6.2.0 up to and including 6.2.15, FortiProxy 7.4.0, 7.2.0 up to and including 7.2.6, 7.0.0 up to and inc...
Fortinet Fortios
Fortinet Fortios 7.4.0
Fortinet Fortiproxy
Fortinet Fortiproxy 7.4.0
Fortinet Fortios 7.4.1
2 Articles
NA
CVE-2023-41678
A double free in Fortinet FortiOS versions 7.0.0 up to and including 7.0.5, FortiPAM version 1.0.0 up to and including 1.0.3, 1.1.0 up to and including 1.1.1 allows malicious user to execute unauthorized code or commands via specifically crafted request.
Fortinet Fortios 7.0.0
Fortinet Fortios 7.0.1
Fortinet Fortios 7.0.2
Fortinet Fortipam 1.1.0
Fortinet Fortipam 1.0.0
Fortinet Fortipam 1.0.1
Fortinet Fortipam 1.0.2
Fortinet Fortipam 1.0.3
Fortinet Fortipam 1.1.1
Fortinet Fortios 7.0.3
Fortinet Fortios 7.0.4
Fortinet Fortios 7.0.5
1 Article
NA
CVE-2023-44250
An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 up to and including 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 up to and including 7.4.1 allows an authenticated malicious user to perform elevated actions vi...
Fortinet Fortios 7.4.0
Fortinet Fortios 7.2.5
Fortinet Fortiproxy 7.4.0
Fortinet Fortiproxy 7.4.1
Fortinet Fortios 7.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »