cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-38380,https://securityvulnerability.io/vulnerability/CVE-2022-38380,,An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.,Fortinet,Fortinet FortiOS,4.3,MEDIUM,0.0008200000156648457,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-30307,https://securityvulnerability.io/vulnerability/CVE-2022-30307,,"A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack.",Fortinet,Fortinet FortiOS,3.9,LOW,0.0021899999119341373,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-26122,https://securityvulnerability.io/vulnerability/CVE-2022-26122,,"An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.",Fortinet,"Fortinet Av Engine, Fortimail, FortiOS, Forticlient",4.7,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-35842,https://securityvulnerability.io/vulnerability/CVE-2022-35842,,"An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.",Fortinet,Fortinet FortiOS,3.7,LOW,0.00279999990016222,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-29055,https://securityvulnerability.io/vulnerability/CVE-2022-29055,,"An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.",Fortinet,"Fortinet FortiOS, Fortiproxy",7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2022-10-18T15:15:00.000Z,0
CVE-2022-40684,https://securityvulnerability.io/vulnerability/CVE-2022-40684,,"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",Fortinet,"Fortinet FortiOS, Fortiproxy, Fortiswitchmanager",9.8,CRITICAL,0.9725800156593323,true,false,true,true,true,false,false,2022-10-18T00:00:00.000Z,0
CVE-2021-44171,https://securityvulnerability.io/vulnerability/CVE-2021-44171,,"An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows an attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.",Fortinet,Fortinet FortiOS,9,CRITICAL,0.0004400000034365803,false,false,false,false,,false,false,2022-10-10T00:00:00.000Z,0
CVE-2021-43080,https://securityvulnerability.io/vulnerability/CVE-2021-43080,,"An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.",Fortinet,Fortinet FortiOS,4.6,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-09-06T15:15:23.000Z,0
CVE-2022-29053,https://securityvulnerability.io/vulnerability/CVE-2022-29053,,"A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.",Fortinet,Fortinet FortiOS,2.3,LOW,0.0004400000034365803,false,false,false,false,,false,false,2022-09-06T15:10:19.000Z,0
CVE-2022-27491,https://securityvulnerability.io/vulnerability/CVE-2022-27491,,"An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of ""blocked page"" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim.",Fortinet,Fortinet FortiOS,6.8,MEDIUM,0.0009500000160187483,false,false,false,false,,false,false,2022-09-06T15:10:10.000Z,0
CVE-2022-22299,https://securityvulnerability.io/vulnerability/CVE-2022-22299,,"A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.",Fortinet,"Fortinet Fortiadc, Fortiproxy, Fortimail, FortiOS",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-08-05T15:23:52.000Z,0
CVE-2022-23442,https://securityvulnerability.io/vulnerability/CVE-2022-23442,,"An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.",Fortinet,Fortinet FortiOS,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-08-03T13:20:27.000Z,0
CVE-2021-42755,https://securityvulnerability.io/vulnerability/CVE-2021-42755,,"An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service.",Fortinet,"Fortinet Fortiswitch, Fortirecorder, Fortivoiceenterprise, FortiOS, Fortiproxy",4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-18T17:15:00.000Z,0
CVE-2022-23438,https://securityvulnerability.io/vulnerability/CVE-2022-23438,,An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.,Fortinet,Fortinet FortiOS,4.7,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2022-07-18T16:40:44.000Z,0
CVE-2021-44170,https://securityvulnerability.io/vulnerability/CVE-2021-44170,,A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.,Fortinet,"Fortinet Fortiproxy, FortiOS",6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-07-18T16:35:11.000Z,0
CVE-2022-22306,https://securityvulnerability.io/vulnerability/CVE-2022-22306,,"An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.",Fortinet,Fortinet FortiOS,5.4,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2022-05-24T14:35:10.000Z,0
CVE-2021-43206,https://securityvulnerability.io/vulnerability/CVE-2021-43206,,"A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.",Fortinet,"Fortinet FortiOS, Fortiproxy",4.3,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2022-05-04T15:25:26.000Z,0
CVE-2021-41032,https://securityvulnerability.io/vulnerability/CVE-2021-41032,,An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.,Fortinet,Fortinet FortiOS,6.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-05-04T15:25:15.000Z,0
CVE-2020-15936,https://securityvulnerability.io/vulnerability/CVE-2020-15936,,"An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows an attacker to disclose sensitive information via SNI Client Hello TLS packets.",Fortinet,Fortinet FortiOS,2.6,LOW,0.0004400000034365803,false,false,false,false,,false,false,2022-03-01T18:25:27.000Z,0
CVE-2021-26092,https://securityvulnerability.io/vulnerability/CVE-2021-26092,,"Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.",Fortinet,"Fortinet FortiOS, Fortiproxy",4.7,MEDIUM,0.0014700000174343586,false,false,false,false,,false,false,2022-02-24T02:45:57.000Z,0
CVE-2021-44168,https://securityvulnerability.io/vulnerability/CVE-2021-44168,,"A download of code without integrity check vulnerability in the ""execute restore src-vis"" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.",Fortinet,Fortinet FortiOS,7.8,HIGH,0.0014700000174343586,true,false,false,true,true,false,false,2022-01-04T12:38:04.000Z,0
CVE-2021-36169,https://securityvulnerability.io/vulnerability/CVE-2021-36169,,"A hidden functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations.",Fortinet,Fortinet FortiOS,4.2,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2021-12-13T13:48:50.000Z,0
CVE-2021-36173,https://securityvulnerability.io/vulnerability/CVE-2021-36173,,"A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.",Fortinet,Fortinet FortiOS,8,HIGH,0.0040799998678267,false,false,false,false,,false,false,2021-12-08T18:42:56.000Z,0
CVE-2021-26109,https://securityvulnerability.io/vulnerability/CVE-2021-26109,,"An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.",Fortinet,Fortinet FortiOS,8.1,HIGH,0.0030499999411404133,false,false,false,false,,false,false,2021-12-08T12:22:19.000Z,0
CVE-2021-26108,https://securityvulnerability.io/vulnerability/CVE-2021-26108,,A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.,Fortinet,Fortinet FortiOS,7.5,HIGH,0.002199999988079071,false,false,false,false,,false,false,2021-12-08T12:16:03.000Z,0