Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2014-2723
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an u...
Fortinet Fortibalancer 400 Firmware
Fortinet Fortibalancer 1000 Firmware
Fortinet Fortibalancer 2000 Firmware
Fortinet Fortibalancer 3000 Firmware
6.7
CVSSv3
CVE-2021-43072
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, versio...
Fortinet Fortianalyzer
Fortinet Fortimanager
Fortinet Fortios
Fortinet Fortiproxy
6.5
CVSSv3
CVE-2022-27490
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 up to and including 6.0.4, FortiAnalyzer version 6.0.0 up to and including 6.0.4, FortiPortal version 6.0.0 up to and including 6.0.9, 5.3.0 up to and including 5.3.8, 5.2.x, 5.1.0...
Fortinet Fortiportal
Fortinet Fortimanager
Fortinet Fortianalyzer
Fortinet Fortiswitch
4.3
CVSSv3
CVE-2021-43074
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and be...
Fortinet Fortios
Fortinet Fortiproxy
Fortinet Fortiswitch
Fortinet Fortiweb
5.4
CVSSv3
CVE-2021-22131
A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows malicious user to retrieve information disclosed via man-in-the-...
Fortinet Fortitoken Mobile 5.0.3
Fortinet Fortitoken Mobile 5.0.2
Fortinet Fortitoken Mobile 4.5.0
Fortinet Fortitoken Mobile 4.4.0
Fortinet Fortitoken Mobile 4.3.0
Fortinet Fortitoken Mobile 4.2.2
Fortinet Fortitoken Mobile 4.2.1
Fortinet Fortitoken Mobile 4.1.1
Fortinet Fortitoken Mobile 4.0.1
Fortinet Fortitoken Mobile 4.0.3
Fortinet Fortitoken Mobile 3.0.1
Fortinet Fortitoken Mobile 3.0.0
Fortinet Fortitoken Mobile 5.2.0
Fortinet Fortitoken Mobile 4.2.0
Fortinet Fortitoken Mobile 4.1.0
Fortinet Fortitoken Mobile 3.0.5
Fortinet Fortitoken Mobile 3.0.4
Fortinet Fortitoken Mobile 3.0.3
Fortinet Fortitoken Mobile 3.0.2
Fortinet Fortitoken Mobile 4.0.0
Fortinet Fortitoken Mobile 0.4.20
Fortinet Fortitoken Mobile 0.4.10
NA
CVE-2014-8618
Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models prior to 4.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Fortinet Fortiadc Firmware
Fortinet Fortiadc-700d -
Fortinet Fortiadc-200d -
Fortinet Fortiadc-1500d -
Fortinet Fortiadc-2000d -
Fortinet Fortiadc-4000d -
7.5
CVSSv3
CVE-2021-41014
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated malicious user to make the httpsd daemon unresponsive via huge HTTP packets
Fortinet Fortiweb
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
7.2
CVSSv3
CVE-2022-33871
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and previous versions, 6.4 all versions, version 6.3.19 and previous versions may allow a privileged malicious user to execute arbitrary code or commands via specifically crafted CLI `execute backup-l...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
5.4
CVSSv3
CVE-2023-41673
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and prior to 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.
Fortinet Fortiadc
Fortinet Fortiadc 7.1.0
Fortinet Fortiadc 7.2.0
Fortinet Fortiadc 7.1.1
Fortinet Fortiadc 7.1.2
Fortinet Fortiadc 7.4.0
6.3
CVSSv3
CVE-2021-36190
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated malicious user to access protected hosts via crafted HTTP requests.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »