fortinet

1,136 tracked vulnerabilities.

CVE-2023-22642 HIGH
FortiAnalyzer & FortiManager 6.4.8-6.4.10, 7.0.0-7.0.5, 7.2.0-7.2.1 - MITM via Improper Cert Validation
Apr 11, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-22641 MEDIUM
FortiProxy 1.0.0-1.2.x and 2.0.0-2.0.11 - Authenticated Open Redirect
Apr 11, 2023
CVSS 4.1
EPSS 0.00
CVE-2023-22635 HIGH
FortiClient 4.0.0-5.6.6 - Privilege Escalation via Installer Modification
Apr 11, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-26209 LOW
Fortinet FortiDeceptor <3.1.x - DoS
Mar 09, 2023
CVSS 3.7
EPSS 0.02
CVE-2023-26208 LOW
Fortinet FortiAuthenticator <6.4 - DoS
Mar 09, 2023
CVSS 3.7
EPSS 0.02
CVE-2023-25611 MEDIUM
Fortinet FortiAnalyzer <7.2.1 - Code Injection
Mar 07, 2023
CVSS 4.0
EPSS 0.00
CVE-2023-25605 HIGH
Fortinet FortiSOAR 7.3.0-7.3.1 - Authenticated Improper Access Control via Crafted HTTP Requests
Mar 07, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-23776 MEDIUM
FortiAnalyzer 6.4.0-6.4.10, 7.0.0-7.0.4, 7.2.0-7.2.1 - Sensitive Info Exposure via Heartbeat
Mar 07, 2023
CVSS 4.6
EPSS 0.00
CVE-2023-22636 HIGH
FortiWeb 6.3.6-6.3.21, 6.4.0-6.4.2, 7.0.0-7.0.4 - Unauthenticated Configuration File Download via HTTP Request
Feb 27, 2023
CVSS 7.0
EPSS 0.00
CVE-2023-25602 HIGH
FortiWeb 5.6.0-6.4.0 Stack-based Buffer Overflow via Command Arguments
Feb 16, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-23784 MEDIUM
FortiWeb 6.3.6-6.3.20 and 7.0.0-7.0.2 - Path Traversal via Crafted Web Requests
Feb 16, 2023
CVSS 5.7
EPSS 0.01
CVE-2023-23783 MEDIUM
FortiWeb 6.4.0-6.4.1 and 7.0.0-7.0.1 - Remote Code Execution via Format String Injection
Feb 16, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-23782 HIGH
FortiWeb 6.2-6.2.6, 6.3.0-6.3.19, 6.4, 7.0.0-7.0.1 - Heap-based Buffer Overflow via Crafted Command Arguments
Feb 16, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-23781 MEDIUM
FortiWeb 6.3.0-6.3.19, 6.4, <=7.0.1 - Authenticated Stack-based Buffer Overflow via SAML XML Configuration
Feb 16, 2023
CVSS 6.4
EPSS 0.01
CVE-2023-23780 HIGH
FortiWeb 6.3.6-6.3.19, 6.4, 7.0.0-7.0.1 - Stack-based Buffer Overflow via Crafted HTTP Requests
Feb 16, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-23779 MEDIUM
FortiWeb 6.3.6-6.3.19, 6.4, <=7.0.1 - Authenticated OS Command Injection via HTTP Request Parameters
Feb 16, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-23778 MEDIUM
FortiWeb 6.2.3-6.2.6, 6.3, 6.4, 7.0-7.0.1 - Authenticated Path Traversal via Crafted Web Requests
Feb 16, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-22638 HIGH
FortiNAC <= 9.4.1 - Authenticated Cross-Site Scripting via HTTP GET Requests
Feb 16, 2023
CVSS 7.1
EPSS 0.00
CVE-2022-29059 LOW
FortiWeb <7.0.1, <6.4.2, <6.3.20, <6.2.7 - SQL Injection
Mar 14, 2025
CVSS 2.7
EPSS 0.00
CVE-2022-23439 MEDIUM
Fortinet Products - Host Header Web Cache Poisoning
Jan 22, 2025
CVSS 4.7
EPSS 0.00
CVE-2022-45856 MEDIUM
FortiClient 5.0-7.2.1, 6.4-7.2.5, 6.4-7.0.8, 2.0-7.0.7 - Unauthenticated MitM via SAML SSO
Sep 10, 2024
CVSS 4.8
EPSS 0.00
CVE-2022-45862 LOW
FortiOS <7.2.6, FortiProxy <7.4.0, FortiSwitchManager <7.2.2, FortiPAM <1.4.0 - GUI Session Expiration Issue
Aug 13, 2024
CVSS 3.7
EPSS 0.00
CVE-2022-27486 MEDIUM
FortiDDoS 4.5.0-5.5.1 and FortiDDoS-F 6.1.0-6.3.1 - Authenticated OS Command Injection via Execute CLI Commands
Aug 13, 2024
CVSS 6.6
EPSS 0.01
CVE-2022-27488 HIGH
Fortinet Fortiai < 6.0.12 - CSRF
Dec 13, 2023
CVSS 8.3
EPSS 0.00
CVE-2022-40681 HIGH
FortiClient 6.0.0-6.0.10, 6.2.0-6.2.9, 6.4.0-6.4.9, 7.0.0-7.0.7 - Denial of Service via Named Pipe Request
Nov 14, 2023
CVSS 7.1
EPSS 0.00