cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2024-23664,https://securityvulnerability.io/vulnerability/CVE-2024-23664,Fortinet FortiAuthenticator Open Redirect Vulnerability,"A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to redirect users to an arbitrary website via a crafted URL.",Fortinet,Fortiauthenticator,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-03T09:50:26.151Z,0
CVE-2022-22302,https://securityvulnerability.io/vulnerability/CVE-2022-22302,Sensitive Information Storage Vulnerability in Fortinet FortiGate and FortiAuthenticator,"A vulnerability exists in Fortinet's FortiGate and FortiAuthenticator products, allowing unauthorized local parties to access sensitive private keys stored in plain text. This flaw affects specific versions of FortiGate and FortiAuthenticator, potentially compromising secure communications with services like Apple Push Notification and Google Cloud Messaging. The sensitive information can be retrieved by accessing certain filesystem files, exposing organizations to increased risk of data breaches.",Fortinet,"Fortiauthenticator,FortiOS",5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-07-11T08:54:00.679Z,0
CVE-2022-35850,https://securityvulnerability.io/vulnerability/CVE-2022-35850,Reflected Cross Site Scripting Vulnerability in FortiAuthenticator by Fortinet,"A vulnerability exists in FortiAuthenticator, allowing remote unauthenticated attackers to exploit improper script tag handling. This flaw can result in reflected cross site scripting (XSS) attacks via the 'reset-password' page. It affects several versions from 6.1 to 6.4.4, posing risks to users by potentially delivering malicious scripts.",Fortinet,Fortiauthenticator,4.2,MEDIUM,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-04-11T16:07:22.760Z,0
CVE-2023-26208,https://securityvulnerability.io/vulnerability/CVE-2023-26208,Improper Authentication Attempts in Fortinet FortiAuthenticator Products,"A vulnerability exists in Fortinet FortiAuthenticator products that allows a remote unauthenticated attacker to exploit improper restrictions on excessive authentication attempts. By sending a high volume of HTTP requests to the login form, an attacker can partially exhaust the CPU and memory resources, potentially leading to service disruption. This vulnerability affects FortiAuthenticator versions 6.4.x and earlier, making it crucial for users to apply appropriate security measures and updates.",Fortinet,Fortiauthenticator,3.5,LOW,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-03-09T15:15:00.000Z,0
CVE-2022-22304,https://securityvulnerability.io/vulnerability/CVE-2022-22304,Improper Input Neutralization in FortiAuthenticator OWA Agent for Microsoft,"The FortiAuthenticator OWA Agent for Microsoft versions 2.1 and 2.2 contains a vulnerability that allows an unauthenticated attacker to execute cross-site scripting (XSS) attacks. This is due to improper neutralization of user input during web page generation, enabling the attacker to send crafted HTTP GET requests that could compromise web application security.",Fortinet,Fortinet Fortiauthenticator Outlookagent,6.1,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-07-18T16:35:28.000Z,0
CVE-2021-26116,https://securityvulnerability.io/vulnerability/CVE-2021-26116,Command Injection Flaw in FortiAuthenticator Product by Fortinet,"A vulnerability exists in FortiAuthenticator's command line interpreter which permits an authenticated attacker to exploit it through specially crafted arguments. This improper neutralization of commands may lead to the execution of unauthorized commands, posing significant security risks. It is crucial for users of affected versions to implement the necessary updates to mitigate potential exploitation.",Fortinet,Fortinet Fortiauthenticator,6.7,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2022-04-06T16:00:51.000Z,0
CVE-2021-36177,https://securityvulnerability.io/vulnerability/CVE-2021-36177,Improper Access Control in FortiAuthenticator HA Service,"An improper access control vulnerability in the FortiAuthenticator HA service allows attackers on the same VLAN as the management interface to establish an unauthenticated direct connection to the database. This can lead to unauthorized access to sensitive information, posing significant security risks for organizations utilizing this service.",Fortinet,Fortiauthenticator,4.2,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2022-02-02T10:54:47.000Z,0
CVE-2021-43068,https://securityvulnerability.io/vulnerability/CVE-2021-43068,Improper Authentication Vulnerability in Fortinet FortiAuthenticator,A security flaw in Fortinet FortiAuthenticator version 6.4.0 allows attackers to bypass the second factor of authentication through the RADIUS login portal. This vulnerability compromises the effectiveness of multi-factor authentication and could potentially lead to unauthorized access.,Fortinet,Fortinet Fortiauthenticator,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-12-09T09:38:37.000Z,0
CVE-2021-43067,https://securityvulnerability.io/vulnerability/CVE-2021-43067,Sensitive Information Exposure in Fortinet FortiAuthenticator,"The vulnerability in Fortinet FortiAuthenticator allows unauthorized actors to access sensitive information by exploiting a flaw that permits the duplication of a target LDAP user’s two-factor authentication token. This is achieved through the use of crafted HTTP requests, impacting multiple versions including 6.4.0 and earlier. Organizations using affected versions should take immediate measures to secure their systems.",Fortinet,Fortinet Fortiauthenticator,8.3,HIGH,0.00482999999076128,false,,false,false,false,,,false,false,,2021-12-08T11:22:39.000Z,0
CVE-2021-22124,https://securityvulnerability.io/vulnerability/CVE-2021-22124,Denial of Service Vulnerability in FortiSandbox and FortiAuthenticator,"An uncontrolled resource consumption vulnerability exists in the login modules of FortiSandbox and FortiAuthenticator. This vulnerability allows an unauthenticated attacker to exploit the system by sending specifically crafted long request parameters, potentially leading to a denial of service condition and causing the device to become unresponsive.",Fortinet,"Fortinet Fortisandbox, Fortiauthenticator",7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2021-08-04T18:18:25.000Z,0
CVE-2021-24005,https://securityvulnerability.io/vulnerability/CVE-2021-24005,Cryptographic Key Vulnerability in FortiAuthenticator by Fortinet,"The vulnerability involves the use of hard-coded cryptographic keys within FortiAuthenticator, enabling unauthorized access to sensitive configuration files and debug logs. Attackers with access to these files or the command-line interface (CLI) can decrypt protected data, citing knowledge of the embedded key. This flaw poses significant risks for data security and privacy, potentially leading to data breaches and unauthorized information disclosure.",Fortinet,Fortiauthenticator,4,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-07-06T10:56:12.000Z,0
CVE-2019-16154,https://securityvulnerability.io/vulnerability/CVE-2019-16154,Cross-Site Scripting Vulnerability in FortiAuthenticator Web UI by Fortinet,"An input validation flaw in the web page generation process of FortiAuthenticator WEB UI version 6.0.0 allows unauthenticated attackers to inject malicious scripts via the logon page parameters. This vulnerability could be exploited to execute unauthorized scripts in the context of a user's session, potentially leading to the disclosure of sensitive information. Enhanced input validation measures are necessary to mitigate this vulnerability and ensure the integrity of user interactions with the web interface.",Fortinet,Fortiauthenticator Web Ui,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2020-01-07T18:22:21.000Z,0
CVE-2018-9186,https://securityvulnerability.io/vulnerability/CVE-2018-9186,,"A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 ""CSRF validation failure"" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.",Fortinet,Fortiauthenticator,6.1,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2018-05-31T22:29:00.000Z,0
CVE-2015-1456,https://securityvulnerability.io/vulnerability/CVE-2015-1456,,"Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.",Fortinet,Fortiauthenticator,,,0.0013200000394135714,false,,false,false,false,,,false,false,,2015-02-03T16:00:00.000Z,0
CVE-2015-1458,https://securityvulnerability.io/vulnerability/CVE-2015-1458,,"Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the ""shell"" command.",Fortinet,Fortiauthenticator,,,0.0004600000102072954,false,,false,false,false,,,false,false,,2015-02-03T16:00:00.000Z,0
CVE-2015-1459,https://securityvulnerability.io/vulnerability/CVE-2015-1459,,Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.,Fortinet,Fortiauthenticator,,,0.02928999997675419,false,,false,false,false,,,false,false,,2015-02-03T16:00:00.000Z,0
CVE-2015-1455,https://securityvulnerability.io/vulnerability/CVE-2015-1455,,"Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.",Fortinet,Fortiauthenticator,,,0.0065100002102553844,false,,false,false,false,,,false,false,,2015-02-03T16:00:00.000Z,0
CVE-2015-1457,https://securityvulnerability.io/vulnerability/CVE-2015-1457,,Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.,Fortinet,Fortiauthenticator,,,0.0004600000102072954,false,,false,false,false,,,false,false,,2015-02-03T16:00:00.000Z,0
CVE-2013-6990,https://securityvulnerability.io/vulnerability/CVE-2013-6990,,FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.,Fortinet,Fortiauthenticator,,,0.0009699999936856329,false,,false,false,false,,,false,false,,2014-04-30T14:00:00.000Z,0