cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-36511,https://securityvulnerability.io/vulnerability/CVE-2024-36511,Potential vulnerability in FortiADC WAF could allow unauthorized access to encrypted and signed cookies,"An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature",Fortinet,Fortiadc,3.7,LOW,0.0004600000102072954,false,false,false,false,,false,false,2024-09-10T14:37:47.230Z,0
CVE-2023-50181,https://securityvulnerability.io/vulnerability/CVE-2023-50181,,An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.,Fortinet,Fortiadc,6.5,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-07-09T16:15:00.000Z,0
CVE-2023-50178,https://securityvulnerability.io/vulnerability/CVE-2023-50178,Improper Certificate Validation in FortiADC by Fortinet,"An improper certificate validation vulnerability in FortiADC could allow an unauthenticated remote attacker to execute a Man-in-the-Middle attack. This weakness affects communication channels between the FortiADC devices and remote servers, including those utilized for private SDN connectors and FortiToken Cloud services. Exploitation of this vulnerability may lead to unauthorized interception of sensitive data, posing a significant risk to organizations relying on FortiADC for secure network management.",Fortinet,Fortiadc,7.4,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-07-09T16:15:00.000Z,0
CVE-2023-50179,https://securityvulnerability.io/vulnerability/CVE-2023-50179,,"An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors.",Fortinet,Fortiadc,5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-07-09T16:15:00.000Z,0
CVE-2023-50180,https://securityvulnerability.io/vulnerability/CVE-2023-50180,,"An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins.",Fortinet,Fortiadc,5.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T16:19:13.773Z,0
CVE-2023-41673,https://securityvulnerability.io/vulnerability/CVE-2023-41673,,An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.,Fortinet,FortiADC,6.9,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0
CVE-2023-25603,https://securityvulnerability.io/vulnerability/CVE-2023-25603,,"A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.",Fortinet,"Fortiddos-f,Fortiadc",5.4,MEDIUM,0.0013699999544769526,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0
CVE-2023-29177,https://securityvulnerability.io/vulnerability/CVE-2023-29177,,Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.,Fortinet,"Fortiddos-f,Fortiadc",6.2,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0
CVE-2023-26205,https://securityvulnerability.io/vulnerability/CVE-2023-26205,Improper Access Control in FortiADC Automation Feature by Fortinet,"An improper access control vulnerability exists in FortiADC's automation feature that could allow an authenticated low-privileged attacker to escalate their privileges to super_admin. This can be exploited through a specially crafted configuration of a fabric automation CLI script. Affected versions include FortiADC 7.1.0 to 7.1.2, as well as all versions of 7.0, 6.2, and 6.1. Organizations using these versions should review their configurations and take appropriate actions to mitigate potential risks.",Fortinet,Fortiadc,7.9,HIGH,0.0007399999885819852,false,false,false,false,,false,false,2023-11-14T18:15:00.000Z,0
CVE-2023-25607,https://securityvulnerability.io/vulnerability/CVE-2023-25607,"OS Command Injection Vulnerability in FortiManager, FortiAnalyzer, and FortiADC","This vulnerability arises from inadequate neutralization of special elements used in OS commands within FortiManager, FortiAnalyzer, and FortiADC management interfaces. It potentially allows an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell through unsafe usage of the wordexp function. This could lead to unauthorized access and manipulation of the underlying system.",Fortinet,"Fortianalyzer,Fortimanager,Fortiadc",7.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-10-10T17:15:00.000Z,0
CVE-2022-35849,https://securityvulnerability.io/vulnerability/CVE-2022-35849,Command Injection Vulnerability in FortiADC Management Interface,"FortiADC's management interface is susceptible to a command injection vulnerability that can be exploited by an authenticated attacker. By crafting specific arguments to existing commands, attackers may execute unauthorized commands, potentially compromising the integrity and availability of the affected system. This vulnerability impacts multiple versions of FortiADC, making it crucial for administrators to take immediate action to mitigate the risks.",Fortinet,Fortiadc,7.4,HIGH,0.0010900000343099236,false,false,false,false,,false,false,2023-09-13T12:30:04.264Z,0
CVE-2023-26210,https://securityvulnerability.io/vulnerability/CVE-2023-26210,OS Command Injection Vulnerability in Fortinet FortiADC,"Fortinet FortiADC is susceptible to multiple improper neutralization vulnerabilities, enabling local authenticated attackers to execute arbitrary shell commands as the root user. This risk arises from crafted Command-Line Interface (CLI) requests that exploit weaknesses in the software's handling of input. Users are advised to promptly apply the latest patches to mitigate this security concern.",Fortinet,"Fortiadcmanager,Fortiadc",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2023-28000,https://securityvulnerability.io/vulnerability/CVE-2023-28000,,"An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command.",Fortinet,Fortiadc,6.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2023-27993,https://securityvulnerability.io/vulnerability/CVE-2023-27993,,A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.,Fortinet,Fortiadc,5.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-05-03T22:15:00.000Z,0
CVE-2023-27999,https://securityvulnerability.io/vulnerability/CVE-2023-27999,OS Command Injection Vulnerability in FortiADC by Fortinet,"An improper neutralization of special elements used in operating system commands exists within FortiADC versions 7.2.0, 7.1.0, and 7.1.1. This vulnerability allows an authenticated attacker to exploit the system by executing unauthorized commands through specially crafted arguments to existing commands. Proper mitigation and updates are recommended to safeguard against potential exploitation.",Fortinet,Fortiadc,7.6,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-05-03T22:15:00.000Z,0
CVE-2022-43952,https://securityvulnerability.io/vulnerability/CVE-2022-43952,,"An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.",Fortinet,Fortiadc,3.3,LOW,0.0004900000058114529,false,false,false,false,,false,false,2023-04-11T16:06:40.242Z,0
CVE-2022-43948,https://securityvulnerability.io/vulnerability/CVE-2022-43948,,"An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.",Fortinet,"Fortiweb,Fortiadc",6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-04-11T16:06:08.263Z,0
CVE-2022-40679,https://securityvulnerability.io/vulnerability/CVE-2022-40679,Command Injection Vulnerability in Fortinet Products,"An improper neutralization of special elements used in an OS command vulnerability exists in FortiADC and FortiDDoS products, enabling authenticated attackers to execute unauthorized commands by leveraging specifically crafted arguments. This weakness affects various versions across both product lines, highlighting the importance of keeping systems updated and applying necessary patches to mitigate potential exploitation. Organizations using Fortinet's solutions should review their configurations and work towards implementing recommended security practices to protect against this vulnerability.",Fortinet,"Fortiddos,Fortiddos-f,Fortiadc",7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-04-11T16:05:49.688Z,0
CVE-2022-27482,https://securityvulnerability.io/vulnerability/CVE-2022-27482,OS Command Injection Vulnerability in Fortinet FortiADC,"An improper neutralization of special elements in Fortinet FortiADC allows an attacker to exploit OS command injection vulnerabilities. This can lead to arbitrary shell code execution with root privileges via command-line interface (CLI) commands. The flaw exists in multiple versions of FortiADC, and it is critical for administrators to apply necessary patches to mitigate potential attacks that could compromise system integrity and data security.",Fortinet,Fortiadc,7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-02-16T18:06:42.848Z,0
CVE-2022-39947,https://securityvulnerability.io/vulnerability/CVE-2022-39947,OS Command Injection Vulnerability in Fortinet FortiADC Products,"An OS command injection vulnerability exists in Fortinet FortiADC, allowing attackers to execute unauthorized commands or code through specially crafted HTTP requests. This affects multiple versions, posing a significant security risk to systems using these affected editions of FortiADC. Organizations are urged to apply available patches promptly to mitigate potential exploitation.",Fortinet,Fortiadc,8.6,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2023-01-03T16:58:37.035Z,0
CVE-2022-33875,https://securityvulnerability.io/vulnerability/CVE-2022-33875,,"An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.",Fortinet,Fortiadc,5.1,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2022-12-06T16:01:04.481Z,0
CVE-2022-33876,https://securityvulnerability.io/vulnerability/CVE-2022-33876,,"Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.",Fortinet,Fortiadc,5.1,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2022-12-06T16:01:01.740Z,0
CVE-2022-35851,https://securityvulnerability.io/vulnerability/CVE-2022-35851,,An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address.,Fortinet,Fortinet Fortiadc,8,HIGH,0.000539999979082495,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-38374,https://securityvulnerability.io/vulnerability/CVE-2022-38374,,An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event log views.,Fortinet,Fortinet Fortiadc,8.8,HIGH,0.0007200000109151006,false,false,false,true,true,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-38381,https://securityvulnerability.io/vulnerability/CVE-2022-38381,,"An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request.",Fortinet,Fortinet Fortiadc,5.3,MEDIUM,0.001769999973475933,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0