Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortios vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2023-36640
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 up to and including 7.2.4, 7.0.0 up to and including 7.0.10, 2.0.0 up to and including 2.0.13, 1.2.0 up to and including 1.2.13, 1.1.0 up to and including 1.1.6, 1.0.0 up to and including 1.0.7, Fo...
Fortinet Fortiproxy
Fortinet Fortipam
Fortinet Fortios 7.2.0
Fortinet Fortios
4.3
CVSSv3
CVE-2022-38380
An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 up to and including 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.
Fortinet Fortios 7.2.0
Fortinet Fortios
NA
CVE-2013-4604
Fortinet FortiOS prior to 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.
Fortinet Fortios 5.0.1
Fortinet Fortios
6
CVSSv3
CVE-2021-36169
A Hidden Functionality in Fortinet FortiOS 7.x prior to 7.0.1, FortiOS 6.4.x prior to 6.4.7 allows malicious user to Execute unauthorized code or commands via specific hex read/write operations.
Fortinet Fortios 7.0.0
Fortinet Fortios
5.3
CVSSv3
CVE-2022-22306
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 up to and including 6.0.14, 6.2.0 up to and including 6.2.10, 6.4.0 up to and including 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated malicious user to man-in-the-middle the communication ...
Fortinet Fortios 7.0.0
Fortinet Fortios
7.5
CVSSv3
CVE-2021-26108
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS prior to 7.0.1 may allow an malicious user to retrieve the key by reverse engineering.
Fortinet Fortios
Fortinet Fortios 7.0.0
9.8
CVSSv3
CVE-2021-26109
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS prior to 7.0.1 may allow an unauthenticated malicious user to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code executi...
Fortinet Fortios
Fortinet Fortios 7.0.0
6.5
CVSSv3
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' pas...
Fortinet Fortios
Fortinet Fortios 6.2.0
3 Github repositories
7.5
CVSSv3
CVE-2022-35842
An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 up to and including 7.0.6 and versions 6.4.0 up to and including 6.4.9 may allow a remote unauthenticated malicious user to gain information abo...
Fortinet Fortios 7.2.0
Fortinet Fortios
7.5
CVSSv3
CVE-2022-27491
A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 up to and including 7.214, 7.001 up to and including 7.113, 6.001 up to and including 6.121, 5.001 up to and including 5.258 and prior to 4.086 allows a remote and unaut...
Fortinet Fortios
Fortinet Fortios 7.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »