cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2024-36511,https://securityvulnerability.io/vulnerability/CVE-2024-36511,Potential vulnerability in FortiADC WAF could allow unauthorized access to encrypted and signed cookies,"An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature",Fortinet,Fortiadc,3.7,LOW,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-10T14:37:47.230Z,0
CVE-2023-50178,https://securityvulnerability.io/vulnerability/CVE-2023-50178,Improper Certificate Validation in FortiADC by Fortinet,"An improper certificate validation vulnerability in FortiADC could allow an unauthenticated remote attacker to execute a Man-in-the-Middle attack. This weakness affects communication channels between the FortiADC devices and remote servers, including those utilized for private SDN connectors and FortiToken Cloud services. Exploitation of this vulnerability may lead to unauthorized interception of sensitive data, posing a significant risk to organizations relying on FortiADC for secure network management.",Fortinet,Fortiadc,7.4,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-07-09T16:15:00.000Z,0
CVE-2023-50179,https://securityvulnerability.io/vulnerability/CVE-2023-50179,Improper Certificate Validation in FortiADC Affected by Man-in-the-Middle Vulnerability,"An improper certificate validation issue exists in FortiADC systems, which may enable remote and unauthenticated attackers to execute Man-in-the-Middle attacks on the data exchanged between the FortiADC and public SDN connectors. This vulnerability undermines the integrity and confidentiality of the communication, potentially exposing sensitive information and allowing malicious actors to intercept network traffic.",Fortinet,Fortiadc,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-07-09T16:15:00.000Z,0
CVE-2023-50181,https://securityvulnerability.io/vulnerability/CVE-2023-50181,Improper Access Control in Fortinet FortiADC Affects Security Controls,"An improper access control vulnerability in Fortinet FortiADC allows a read-only authenticated attacker to execute unauthorized write actions. This can be achieved through specially crafted HTTP or HTTPS requests, posing a risk to the integrity and security of the impacted systems. The issue affects multiple versions, emphasizing the need for prompt updates to mitigate potential exploitation.",Fortinet,Fortiadc,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-09T16:15:00.000Z,0
CVE-2023-50180,https://securityvulnerability.io/vulnerability/CVE-2023-50180,Unauthorized Access Exposure in FortiADC by Fortinet,"An exposure vulnerability in FortiADC allows a read-only administrator to access sensitive data associated with other administrators. This issue affects various versions of FortiADC, creating a potential security risk where sensitive information could be misused by unauthorized users. It's crucial for organizations using FortiADC versions 7.4.1 and below, down to 6.2.6, to apply necessary mitigations to protect their systems.",Fortinet,Fortiadc,5.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-14T16:19:13.773Z,0
CVE-2023-41673,https://securityvulnerability.io/vulnerability/CVE-2023-41673,Improper Authorization Vulnerability in Fortinet FortiADC,"An improper authorization vulnerability exists in Fortinet FortiADC versions prior to 7.4.0 and 7.2.2, allowing low-privileged users to access and potentially backup the entire system configuration through unauthorized HTTP or HTTPS requests. This vulnerability raises significant security concerns, as it may lead to unauthorized access to sensitive system configurations.",Fortinet,FortiADC,6.9,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-12-13T07:15:00.000Z,0
CVE-2023-29177,https://securityvulnerability.io/vulnerability/CVE-2023-29177,Buffer Overflow Vulnerabilities in Fortinet's FortiADC and FortiDDoS-F Products,"Fortinet's FortiADC and FortiDDoS-F products are impacted by multiple buffer overflow vulnerabilities that occur due to improper size checks during buffer copy operations. These vulnerabilities could allow a privileged attacker to craft malicious Command-Line Interface (CLI) requests, potentially leading to arbitrary code execution or command execution in the affected systems. It is essential for users of FortiADC versions up to 7.2.0 and FortiDDoS-F versions up to 6.5.0 to apply the necessary updates to mitigate these risks.",Fortinet,"Fortiddos-f,Fortiadc",6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-14T19:15:00.000Z,0
CVE-2023-25603,https://securityvulnerability.io/vulnerability/CVE-2023-25603,Permissive Cross-Domain Policy Vulnerability in Fortinet FortiADC and FortiDDoS,A permissive cross-domain policy vulnerability found in Fortinet FortiADC and FortiDDoS products exposes systems to significant security risks. This flaw allows unauthorized attackers to execute privileged actions and access sensitive information by exploiting untrusted domain permissions through specially crafted web requests. Organizations using the affected versions are advised to take immediate action to secure their systems by updating to the patched versions.,Fortinet,"Fortiddos-f,Fortiadc",5.4,MEDIUM,0.0013699999544769526,false,,false,false,false,,,false,false,,2023-11-14T19:15:00.000Z,0
CVE-2023-26205,https://securityvulnerability.io/vulnerability/CVE-2023-26205,Improper Access Control in FortiADC Automation Feature by Fortinet,"An improper access control vulnerability exists in FortiADC's automation feature that could allow an authenticated low-privileged attacker to escalate their privileges to super_admin. This can be exploited through a specially crafted configuration of a fabric automation CLI script. Affected versions include FortiADC 7.1.0 to 7.1.2, as well as all versions of 7.0, 6.2, and 6.1. Organizations using these versions should review their configurations and take appropriate actions to mitigate potential risks.",Fortinet,Fortiadc,7.9,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2023-11-14T18:15:00.000Z,0
CVE-2023-25607,https://securityvulnerability.io/vulnerability/CVE-2023-25607,"OS Command Injection Vulnerability in FortiManager, FortiAnalyzer, and FortiADC","This vulnerability arises from inadequate neutralization of special elements used in OS commands within FortiManager, FortiAnalyzer, and FortiADC management interfaces. It potentially allows an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell through unsafe usage of the wordexp function. This could lead to unauthorized access and manipulation of the underlying system.",Fortinet,"Fortianalyzer,Fortimanager,Fortiadc",7.4,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2022-35849,https://securityvulnerability.io/vulnerability/CVE-2022-35849,Command Injection Vulnerability in FortiADC Management Interface,"FortiADC's management interface is susceptible to a command injection vulnerability that can be exploited by an authenticated attacker. By crafting specific arguments to existing commands, attackers may execute unauthorized commands, potentially compromising the integrity and availability of the affected system. This vulnerability impacts multiple versions of FortiADC, making it crucial for administrators to take immediate action to mitigate the risks.",Fortinet,Fortiadc,7.4,HIGH,0.0013599999947473407,false,,false,false,false,,,false,false,,2023-09-13T12:30:04.264Z,0
CVE-2023-26210,https://securityvulnerability.io/vulnerability/CVE-2023-26210,OS Command Injection Vulnerability in Fortinet FortiADC,"Fortinet FortiADC is susceptible to multiple improper neutralization vulnerabilities, enabling local authenticated attackers to execute arbitrary shell commands as the root user. This risk arises from crafted Command-Line Interface (CLI) requests that exploit weaknesses in the software's handling of input. Users are advised to promptly apply the latest patches to mitigate this security concern.",Fortinet,"Fortiadcmanager,Fortiadc",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-06-13T09:15:00.000Z,0
CVE-2023-28000,https://securityvulnerability.io/vulnerability/CVE-2023-28000,OS Command Injection Vulnerability in FortiADC Products,"A significant OS command injection vulnerability has been identified in FortiADC CLI versions 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, and all versions of 6.1 and 6.0. This flaw arises from improper neutralization of special elements within the command line interface. A local and authenticated attacker could exploit this vulnerability by executing unauthorized commands through specifically crafted arguments, particularly using the 'diagnose system df' command. Organizations utilizing affected FortiADC versions must prioritize mitigation to safeguard against potential exploitation.",Fortinet,Fortiadc,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-13T09:15:00.000Z,0
CVE-2023-27993,https://securityvulnerability.io/vulnerability/CVE-2023-27993,Path Traversal Vulnerability in Fortinet FortiADC Products,"A relative path traversal vulnerability exists in Fortinet's FortiADC products, specifically affecting versions 7.2.0 and earlier than 7.1.1. This flaw enables a privileged attacker to execute specially crafted CLI commands that can lead to the deletion of arbitrary directories from the underlying filesystem, posing a significant risk to the integrity of system data.",Fortinet,Fortiadc,5.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-03T22:15:00.000Z,0
CVE-2023-27999,https://securityvulnerability.io/vulnerability/CVE-2023-27999,OS Command Injection Vulnerability in FortiADC by Fortinet,"An improper neutralization of special elements used in operating system commands exists within FortiADC versions 7.2.0, 7.1.0, and 7.1.1. This vulnerability allows an authenticated attacker to exploit the system by executing unauthorized commands through specially crafted arguments to existing commands. Proper mitigation and updates are recommended to safeguard against potential exploitation.",Fortinet,Fortiadc,7.6,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-03T22:15:00.000Z,0
CVE-2022-43952,https://securityvulnerability.io/vulnerability/CVE-2022-43952,Cross-Site Scripting Vulnerability in FortiADC by Fortinet,"An improper neutralization of input during web page generation vulnerability exists in FortiADC versions 7.1.1 and below, 7.0.3 and below, and 6.2.5 and below. This issue may enable an authenticated attacker to execute a cross-site scripting (XSS) attack through the utilization of specially crafted HTTP requests, potentially allowing them to manipulate the behavior of web pages viewed by other users.",Fortinet,Fortiadc,3.3,LOW,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-04-11T16:06:40.242Z,0
CVE-2022-43948,https://securityvulnerability.io/vulnerability/CVE-2022-43948,OS Command Injection Vulnerability in Fortinet FortiWeb and FortiADC Products,"An OS command injection vulnerability exists in Fortinet's FortiWeb and FortiADC products, allowing attackers to execute arbitrary commands by sending specially crafted input to existing commands. This vulnerability affects various versions of FortiWeb and FortiADC, posing a significant security risk. Proper input validation and filtering are essential to mitigate the risk of unauthorized code execution.",Fortinet,"Fortiweb,Fortiadc",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-11T16:06:08.263Z,0
CVE-2022-40679,https://securityvulnerability.io/vulnerability/CVE-2022-40679,Command Injection Vulnerability in Fortinet Products,"An improper neutralization of special elements used in an OS command vulnerability exists in FortiADC and FortiDDoS products, enabling authenticated attackers to execute unauthorized commands by leveraging specifically crafted arguments. This weakness affects various versions across both product lines, highlighting the importance of keeping systems updated and applying necessary patches to mitigate potential exploitation. Organizations using Fortinet's solutions should review their configurations and work towards implementing recommended security practices to protect against this vulnerability.",Fortinet,"Fortiddos,Fortiddos-f,Fortiadc",7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-11T16:05:49.688Z,0
CVE-2022-27482,https://securityvulnerability.io/vulnerability/CVE-2022-27482,OS Command Injection Vulnerability in Fortinet FortiADC,"An improper neutralization of special elements in Fortinet FortiADC allows an attacker to exploit OS command injection vulnerabilities. This can lead to arbitrary shell code execution with root privileges via command-line interface (CLI) commands. The flaw exists in multiple versions of FortiADC, and it is critical for administrators to apply necessary patches to mitigate potential attacks that could compromise system integrity and data security.",Fortinet,Fortiadc,7.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-16T18:06:42.848Z,0
CVE-2022-39947,https://securityvulnerability.io/vulnerability/CVE-2022-39947,OS Command Injection Vulnerability in Fortinet FortiADC Products,"An OS command injection vulnerability exists in Fortinet FortiADC, allowing attackers to execute unauthorized commands or code through specially crafted HTTP requests. This affects multiple versions, posing a significant security risk to systems using these affected editions of FortiADC. Organizations are urged to apply available patches promptly to mitigate potential exploitation.",Fortinet,Fortiadc,8.6,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-01-03T16:58:37.035Z,0
CVE-2022-33875,https://securityvulnerability.io/vulnerability/CVE-2022-33875,SQL Injection Vulnerability in Fortinet FortiADC Products,"An SQL Injection vulnerability exists in Fortinet FortiADC, allowing an authenticated attacker to send specially crafted HTTP requests. This could enable the execution of unauthorized commands, potentially compromising the integrity and security of the affected system. Organizations using vulnerable versions of FortiADC should review their systems and apply necessary updates to mitigate this risk.",Fortinet,Fortiadc,5.1,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-12-06T16:01:04.481Z,0
CVE-2022-33876,https://securityvulnerability.io/vulnerability/CVE-2022-33876,Improper Input Validation in Fortinet FortiADC Product,"Fortinet FortiADC products are affected by a series of improper input validation vulnerabilities that permit authenticated attackers to send specially crafted HTTP requests. This exploitation allows the attacker to retrieve files with specific extensions directly from the underlying Linux system, potentially exposing sensitive information and compromising system security.",Fortinet,Fortiadc,5.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-12-06T16:01:01.740Z,0
CVE-2022-38381,https://securityvulnerability.io/vulnerability/CVE-2022-38381,Improper Request Handling Vulnerability in FortiADC by Fortinet,"A vulnerability exists in FortiADC that stems from improper handling of malformed HTTP requests. This flaw may allow remote attackers, without necessary privileges, to bypass essential Web Application Firewall (WAF) protections, including those specifically designed to guard against SQL Injection and Cross-Site Scripting (XSS) attacks. The affected versions span several releases of FortiADC, thereby potentially exposing a wide range of deployments to security risks. For more details, refer to the official Fortinet advisory.",Fortinet,Fortinet Fortiadc,5.3,MEDIUM,0.001769999973475933,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-35851,https://securityvulnerability.io/vulnerability/CVE-2022-35851,Stored Cross-Site Scripting in FortiADC Management Interface,"A vulnerability exists in the FortiADC management interface, specifically in version 7.1.0, where improper input neutralization can allow an authenticated remote attacker to execute a stored cross-site scripting (XSS) attack. By manipulating the configuration of a specially crafted IP address, attackers can inject malicious scripts that may compromise user data and affect the integrity of the web application. This poses a significant security risk by enabling attackers to exploit affected systems.",Fortinet,Fortinet Fortiadc,8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0