cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-39950,https://securityvulnerability.io/vulnerability/CVE-2022-39950,Cross-Site Scripting Vulnerability in FortiManager and FortiAnalyzer,"An improper neutralization of input during web page generation (cross-site scripting) vulnerability in FortiManager and FortiAnalyzer allows a low-privileged authenticated user to submit malformed comments through the CKEditor 'protected' comment feature. Script injected this way executes in the context of a victim's browser session, exposing session data and allowing actions to be performed as that user.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-27483,https://securityvulnerability.io/vulnerability/CVE-2022-27483,OS Command Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An OS command injection vulnerability (improper neutralization of special elements used in a command) in Fortinet FortiManager and FortiAnalyzer allows an attacker with CLI access to execute arbitrary shell commands as root through the 'diagnose system' command line interface commands. Several versions are affected; successful exploitation gives full control of the appliance and compromises its integrity and confidentiality.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",7.2,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2022-07-19T14:15:00.000Z,0
CVE-2022-26118,https://securityvulnerability.io/vulnerability/CVE-2022-26118,Privilege Escalation in FortiManager and FortiAnalyzer by Fortinet,"A privilege chaining vulnerability in FortiManager and FortiAnalyzer allows a local authenticated attacker with restricted shell access to exploit incorrect permissions on certain folders and executable files and escalate to root, compromising the integrity of the system.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-18T16:40:52.000Z,0
CVE-2021-26104,https://securityvulnerability.io/vulnerability/CVE-2021-26104,OS Command Injection Vulnerabilities in FortiManager and FortiAnalyzer,"Multiple OS command injection vulnerabilities in the command line interface of FortiManager, FortiAnalyzer, and FortiPortal allow a local, authenticated, unprivileged user to craft specific command line parameters that execute arbitrary shell commands as root, leading to full compromise of the appliance.",Fortinet,"Fortinet Fortimanager, Fortianalyzer, Fortiportal",7.8,HIGH,0.010730000212788582,false,,false,false,false,,,false,false,,2022-04-06T16:00:20.000Z,0
CVE-2022-22303,https://securityvulnerability.io/vulnerability/CVE-2022-22303,Sensitive System Information Exposure in FortiManager by Fortinet,"A sensitive information exposure in FortiManager allows a low-privileged authenticated user to read the credentials of FortiGate users from configuration conflict files, enabling unauthorized access to and manipulation of managed devices. FortiManager versions prior to 7.0.2, 6.4.7, and 6.2.9 are affected and should be updated.",Fortinet,Fortinet Fortimanager,2.8,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-03-02T10:00:12.000Z,0
CVE-2022-22300,https://securityvulnerability.io/vulnerability/CVE-2022-22300,Improper Permissions Handling in Fortinet FortiAnalyzer and FortiManager Products,"An improper handling of insufficient permissions or privileges vulnerability in Fortinet FortiAnalyzer and FortiManager versions 5.6.0 to 7.0.2 allows an attacker to bypass device policies and force a password change on legitimate user accounts, compromising account and system integrity.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",4.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-03-01T18:25:16.000Z,0
CVE-2021-36192,https://securityvulnerability.io/vulnerability/CVE-2021-36192,Sensitive Information Exposure in FortiManager by Fortinet,"A sensitive information exposure in FortiManager allows an unauthorized FortiGate user to read scripts belonging to other ADOMs, disclosing configuration details of other administrative domains and potentially enabling their manipulation. Organizations running affected versions should update and restrict ADOM access accordingly.",Fortinet,Fortinet Fortimanager,5.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-03T10:17:20.000Z,0
CVE-2021-26107,https://securityvulnerability.io/vulnerability/CVE-2021-26107,Improper Access Control in Fortinet FortiManager Product,"An improper access control vulnerability in Fortinet FortiManager 6.4.4 and 6.4.5 allows an authenticated attacker with a restricted user profile to change the VPN tunnel status of other Virtual Domains (VDOMs) through the VPN Manager interface, altering security configuration and network connectivity without authorization.",Fortinet,Fortinet Fortimanager,6.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-11-02T17:51:44.000Z,0
CVE-2021-36170,https://securityvulnerability.io/vulnerability/CVE-2021-36170,Information Disclosure Vulnerability in FortiAnalyzerVM and FortiManagerVM by Fortinet,"An information disclosure vulnerability in FortiAnalyzerVM and FortiManagerVM allows an authenticated attacker to read FortiCloud credentials in cleartext. An attacker with access to an affected system can reuse those credentials, compromising the trial license activation process.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",3.2,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-10-06T09:22:29.000Z,0
CVE-2021-24017,https://securityvulnerability.io/vulnerability/CVE-2021-24017,Improper Authentication in Fortinet FortiManager Affects Multiple Versions,"An improper authentication vulnerability in Fortinet FortiManager allows an unauthorized user to modify the Policy and Object modules by sending specially crafted requests to the request handler, enabling unauthorized changes to system configuration.",Fortinet,Fortinet Fortimanager,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-09-30T15:21:03.000Z,0
CVE-2021-24016,https://securityvulnerability.io/vulnerability/CVE-2021-24016,CSV Formula Injection in Fortinet FortiManager,"An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiManager 6.4.3 and below and 6.2.7 and below allows an attacker to place a crafted value in the IPv4 field of a policy name. When the policy list is exported to CSV and the file is opened in a spreadsheet application on a victim's host, the formula is evaluated and can execute arbitrary commands. Treat exported CSV files from untrusted sources as untrusted input.",Fortinet,Fortinet Fortimanager,3.7,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-09-30T15:18:38.000Z,0
CVE-2021-24006,https://securityvulnerability.io/vulnerability/CVE-2021-24006,Improper Access Control in FortiManager by Fortinet,"An improper access control vulnerability in FortiManager 6.4.0 through 6.4.3 allows an authenticated attacker with limited privileges to reach the SD-WAN Orchestrator panel by browsing directly to its URL, bypassing the menu-level restriction and potentially enabling further exploitation.",Fortinet,Fortinet Fortimanager,6.3,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2021-09-06T18:56:19.000Z,0
CVE-2021-32587,https://securityvulnerability.io/vulnerability/CVE-2021-32587,Improper Access Control in FortiManager and FortiAnalyzer by Fortinet,"An improper access control vulnerability in the GUI of FortiManager and FortiAnalyzer allows a remote authenticated user with restricted privileges to enumerate the administrative users of other ADOMs and their associated configurations, information that can support further unauthorized access or privilege escalation. See the FortiGuard advisory for affected versions and fixes.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-08-06T10:51:07.000Z,0
CVE-2021-32597,https://securityvulnerability.io/vulnerability/CVE-2021-32597,Cross Site Scripting Vulnerability in FortiManager and FortiAnalyzer by Fortinet,"An improper neutralization of input during web page generation (cross-site scripting) vulnerability in FortiManager and FortiAnalyzer allows an authenticated remote attacker to inject script through GET parameters. The injected JavaScript executes in the victim's browser session and can expose sensitive user data.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",4.6,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2021-08-06T10:48:20.000Z,0
CVE-2021-32603,https://securityvulnerability.io/vulnerability/CVE-2021-32603,Server-Side Request Forgery in FortiManager and FortiAnalyzer,"A server-side request forgery (SSRF) vulnerability in FortiManager and FortiAnalyzer allows an authenticated attacker to craft web requests that the appliance issues on the attacker's behalf, exposing files and internal services that are otherwise unreachable and potentially enabling further compromise.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-08-05T10:41:00.000Z,0
CVE-2021-32598,https://securityvulnerability.io/vulnerability/CVE-2021-32598,HTTP Response Splitting Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An improper neutralization of CRLF sequences in HTTP headers (HTTP response splitting) vulnerability in the FortiManager and FortiAnalyzer GUI allows an authenticated attacker to perform an HTTP request splitting attack that gives them control of the remaining headers and body of the response sent by the affected system.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-08-05T10:35:45.000Z,0
CVE-2021-24022,https://securityvulnerability.io/vulnerability/CVE-2021-24022,Buffer Overflow Vulnerability in Fortinet FortiAnalyzer and FortiManager Products,"A buffer overflow vulnerability in the FortiAnalyzer and FortiManager command line interface allows an authenticated local attacker to cause a denial of service by running 'diagnose system geoip-city' with an overly long IP value. Affected versions: FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, and 6.0.x; FortiManager CLI 6.4.5 and below, 6.2.7 and below, and 6.0.x. Apply the vendor updates to mitigate this risk.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-07-20T10:32:49.000Z,0
CVE-2020-12811,https://securityvulnerability.io/vulnerability/CVE-2020-12811,Cross-Site Scripting Vulnerability in FortiManager and FortiAnalyzer Products,"An improper neutralization of script-related HTML tags in web pages (cross-site scripting) vulnerability in FortiManager and FortiAnalyzer allows an attacker to inject and execute arbitrary script through the Identity Provider name field, exposing users of the web interface to unauthorized actions and disclosure of sensitive information.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-09-24T13:36:12.000Z,0
CVE-2020-9289,https://securityvulnerability.io/vulnerability/CVE-2020-9289,Hard-coded Cryptographic Key Vulnerability in Fortinet's FortiManager and FortiAnalyzer,"FortiManager and FortiAnalyzer 6.2.3 and earlier use a hard-coded cryptographic key to protect secrets in the CLI configuration. An attacker who obtains the CLI configuration or a backup file can decrypt the stored sensitive data with that key, which defeats the purpose of encrypting passwords in the configuration and exposes the devices to unauthorized access.",Fortinet,Fortinet Fortimanager,7.5,HIGH,0.0013099999632686377,false,,false,false,true,2023-06-30T08:48:37.000Z,true,false,false,,2020-06-16T20:12:40.000Z,0
CVE-2019-17657,https://securityvulnerability.io/vulnerability/CVE-2019-17657,"Uncontrolled Resource Consumption in Fortinet FortiSwitch, FortiAnalyzer, FortiManager, and FortiAP","An uncontrolled resource consumption vulnerability in Fortinet FortiSwitch, FortiAnalyzer, FortiManager, and FortiAP allows an attacker to cause a denial of service on the admin web UI with specially crafted HTTP requests and responses. The admin web UI is susceptible to slow HTTP DoS attacks, which disrupt normal operation and availability of the devices.",Fortinet,"Fortinet Fortiswitch,Fortianalyzer,Fortimanager,Fortiap-s/w2",7.5,HIGH,0.0022299999836832285,false,,false,false,false,,,false,false,,2020-04-07T17:11:07.000Z,0
CVE-2019-17654,https://securityvulnerability.io/vulnerability/CVE-2019-17654,Cross-Site WebSocket Hijacking Vulnerability in FortiManager by Fortinet,"FortiManager is vulnerable to cross-site WebSocket hijacking (CSWSH) because it does not sufficiently verify the authenticity of WebSocket connection requests. This could allow an unauthenticated attacker to hijack an authenticated user's WebSocket connection, leading to unauthorized access or data manipulation. Update to a fixed version of FortiManager to mitigate this risk.",Fortinet,Fortinet Fortimanager,8.8,HIGH,0.001990000018849969,false,,false,false,false,,,false,false,,2020-03-15T22:20:58.000Z,0
CVE-2019-6695,https://securityvulnerability.io/vulnerability/CVE-2019-6695,Insecure Root File System in Fortinet FortiManager VM Application Images,"FortiManager VM application images 6.2.0, 6.0.6, and earlier do not check the integrity of the root file system. An attacker who can manipulate the image can implant unauthorized third-party programs that then run on the appliance. Root file system integrity checking is what prevents such unauthorized modification.",Fortinet,Fortinet Fortimanager,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2019-08-23T20:07:33.000Z,0
CVE-2018-1360,https://securityvulnerability.io/vulnerability/CVE-2018-1360,Cleartext Transmission Vulnerability in Fortinet FortiManager,"A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 to 5.2.7 and 5.4.0 to 5.4.1 allows an unauthorized attacker in a man-in-the-middle position to intercept sensitive information, such as admin passwords, from unprotected REST API JSON responses. Upgrade to a fixed version and protect management traffic in transit.",Fortinet,Fortinet Fortimanager,8.1,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2019-04-25T17:08:07.000Z,0
CVE-2017-17541,https://securityvulnerability.io/vulnerability/CVE-2017-17541,Cross-Site Scripting Vulnerability in Fortinet FortiManager and FortiAnalyzer,"A cross-site scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and 5.6.4 and below, and FortiAnalyzer 6.0.0 and 5.6.4 and below, allows an attacker to inject JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.1,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2018-07-16T20:00:00.000Z,0
CVE-2018-1351,https://securityvulnerability.io/vulnerability/CVE-2018-1351,Cross-Site Scripting Vulnerability in Fortinet FortiManager,"A cross-site scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and 5.6.6 and below allows an attacker to execute HTML/JavaScript code placed in the CLI commands of a managed remote device when an administrator views that device's CLI config installation log.",Fortinet,Fortinet Fortimanager,4.8,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2018-06-28T15:29:00.000Z,0
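A consumer for this export, added here as an example and not part of the feed or of securityvulnerability.io's own tooling. Two things matter when triaging a file like the one above: the descriptions are quoted fields that can contain line breaks, so splitting on newlines mangles records (the csv module handles quoting correctly), and a CVSS score is a poor sole sort key, because an exploited 7.5 (CVE-2020-9289 above, which the feed marks exploited with a public PoC) deserves attention before an unexploited 9.8. The sample rows are constructed from three of the feed's records with abbreviated descriptions; the triage ordering (exploited, then CISA KEV, then PoC, then CVSS, then EPSS) is this example's assumption, not a ranking the feed defines.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample with the feed's 21 columns. Descriptions are abbreviated,
# and the second one deliberately contains a line break inside its quotes, as
# the feed's multi-sentence descriptions do.
SAMPLE_FEED = """cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-39950,https://securityvulnerability.io/vulnerability/CVE-2022-39950,XSS in FortiManager and FortiAnalyzer,"XSS via the CKEditor 'protected' comment feature.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2020-9289,https://securityvulnerability.io/vulnerability/CVE-2020-9289,Hard-coded Cryptographic Key in FortiManager and FortiAnalyzer,"Hard-coded key in the CLI configuration.
Anyone holding the config or a backup can decrypt stored secrets.",Fortinet,Fortinet Fortimanager,7.5,HIGH,0.0013099999632686377,false,,false,false,true,2023-06-30T08:48:37.000Z,true,false,false,,2020-06-16T20:12:40.000Z,0
CVE-2019-6695,https://securityvulnerability.io/vulnerability/CVE-2019-6695,Insecure Root File System in FortiManager VM Images,"No root file system integrity checking in VM images.",Fortinet,Fortinet Fortimanager,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2019-08-23T20:07:33.000Z,0
"""


@dataclass
class Finding:
    cve: str
    score: float
    severity: str
    epss: float
    exploited: bool
    poc: bool
    cisa_kev: bool
    published: str


def _flag(value: str) -> bool:
    """The feed writes booleans as the strings 'true'/'false'; empty means false."""
    return value.strip().lower() == "true"


def parse_feed(text: str) -> list[Finding]:
    """Parse the export with the csv module so quoted, multi-line descriptions
    stay inside their record instead of being split into bogus rows."""
    reader = csv.DictReader(io.StringIO(text))
    findings = []
    for row in reader:
        findings.append(Finding(
            cve=row["cve"],
            score=float(row["score"] or 0),
            severity=row["severity"],
            epss=float(row["epss"] or 0),
            exploited=_flag(row["exploited"]),
            poc=_flag(row["poc"]),
            cisa_kev=_flag(row["cisa"]),
            published=row["published"],
        ))
    return findings


def triage(findings: list[Finding]) -> list[Finding]:
    """Assumed ordering: confirmed exploitation first, then CISA KEV listing,
    then public PoC, then CVSS score, then EPSS as the tie-breaker."""
    return sorted(
        findings,
        key=lambda f: (not f.exploited, not f.cisa_kev, not f.poc, -f.score, -f.epss),
    )


def triage_order(text: str) -> list[str]:
    """CVE identifiers in the order they should be worked."""
    return [f.cve for f in triage(parse_feed(text))]


def naive_record_count(text: str) -> int:
    """What a line-oriented reader would count: one line per record, header
    excluded. Wrong whenever a quoted description contains a line break."""
    return len(text.strip().splitlines()) - 1


if __name__ == "__main__":
    print("naive line count:", naive_record_count(SAMPLE_FEED))
    print("parsed records:  ", len(parse_feed(SAMPLE_FEED)))
    for cve in triage_order(SAMPLE_FEED):
        print(cve)
```

Replace SAMPLE_FEED with the contents of the real export to rank the whole list; the naive line count is there only to show why a quick `grep -c CVE-` or `wc -l` over such a file overcounts.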