cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-26122,https://securityvulnerability.io/vulnerability/CVE-2022-26122,"Insufficient Data Verification in Fortinet’s FortiClient, FortiMail, and FortiOS Products","Fortinet has identified a vulnerability within its FortiClient, FortiMail, and FortiOS products that stems from inadequate verification of data authenticity. This flaw can be exploited by attackers who manipulate MIME attachments by introducing junk and pad characters in base64 encoding. As a result, the affected AV engines, specifically versions 6.2.168 and below, and 6.4.274 and below, may be circumvented, allowing potential unauthorized actions and data breaches. Users are urged to review the impact of this vulnerability and take appropriate measures.",Fortinet,"Fortinet Av Engine, Fortimail, FortiOS, Forticlient",4.7,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-35842,https://securityvulnerability.io/vulnerability/CVE-2022-35842,Sensitive Information Exposure in FortiOS SSL-VPN by Fortinet,"A vulnerability in FortiOS SSL-VPN could allow unauthorized access to sensitive information, including configuration settings for LDAP and SAML. This issue affects multiple versions of FortiOS, specifically those in the ranges of 7.2.0, 7.0.0 through 7.0.6, and 6.4.0 through 6.4.9. Consequently, a remote unauthenticated attacker might exploit this vulnerability to gather critical information that could aid in further attacks.",Fortinet,Fortinet FortiOS,3.7,LOW,0.0030900000128895044,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-30307,https://securityvulnerability.io/vulnerability/CVE-2022-30307,Key Management Error in FortiOS by Fortinet,"FortiOS, the operating system for Fortinet's security appliances, is susceptible to a key management error that impacts the RSA SSH host key. This vulnerability may enable unauthenticated attackers to execute man-in-the-middle attacks, compromising secure communications. Users are advised to update to the latest versions to mitigate this risk.",Fortinet,Fortinet FortiOS,3.9,LOW,0.0021899999119341373,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-38380,https://securityvulnerability.io/vulnerability/CVE-2022-38380,Improper Access Control in FortiOS Affects Remote Users,"An improper access control vulnerability exists in FortiOS versions 7.2.0 and 7.0.0 through 7.0.7, which could allow a remote authenticated user with read-only privileges to modify interface settings through the API. This flaw poses a security risk by enabling unauthorized alterations, potentially compromising the integrity of device configurations.",Fortinet,Fortinet FortiOS,4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-29055,https://securityvulnerability.io/vulnerability/CVE-2022-29055,Access of Uninitialized Pointer Vulnerability in FortiOS and FortiProxy by Fortinet,"An access of uninitialized pointer vulnerability in Fortinet's FortiOS and FortiProxy allows an unauthenticated or authenticated attacker to exploit the sslvpn daemon. This can lead to a crash of the service through a specially crafted HTTP GET request, compromising availability and potentially impacting operations. Users are encouraged to review their configurations and apply the necessary patches to mitigate this risk.",Fortinet,"Fortinet FortiOS, Fortiproxy",7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-10-18T15:15:00.000Z,0
CVE-2022-40684,https://securityvulnerability.io/vulnerability/CVE-2022-40684,Fortinet Authentication Bypass Vulnerability,"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",Fortinet,"Fortinet FortiOS, Fortiproxy, Fortiswitchmanager",9.8,CRITICAL,0.9724299907684326,true,2022-10-11T00:00:00.000Z,false,true,true,2022-10-11T00:00:00.000Z,true,false,false,,2022-10-18T00:00:00.000Z,46
CVE-2021-44171,https://securityvulnerability.io/vulnerability/CVE-2021-44171,OS Command Injection Vulnerability in Fortinet FortiOS,"An OS command injection vulnerability exists in Fortinet FortiOS that affects multiple versions. This flaw allows attackers to execute privileged commands on a connected FortiSwitch by leveraging diagnostic CLI commands. Exploiting this vulnerability could lead to unauthorized command execution, potentially compromising system integrity and security.",Fortinet,Fortinet FortiOS,9,CRITICAL,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-10-10T00:00:00.000Z,0
CVE-2021-43080,https://securityvulnerability.io/vulnerability/CVE-2021-43080,Stored Cross-Site Scripting Vulnerability in FortiOS by Fortinet,"FortiOS versions, including 7.2.0 and multiple iterations of 6.4.x and 7.0.x, possess a vulnerability that allows authenticated attackers to execute stored cross-site scripting (XSS) attacks. This occurs through improper input handling in the URI parameter located in the Threat Feed IP address section of Security Fabric External connectors, potentially compromising the safety of users interacting with affected systems.",Fortinet,Fortinet FortiOS,4.6,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-09-06T15:15:23.000Z,0
CVE-2022-29053,https://securityvulnerability.io/vulnerability/CVE-2022-29053,Missing Cryptographic Steps in Fortinet FortiOS Products,"A missing cryptographic steps vulnerability exists in the encryption functions of keytab files in FortiOS versions 7.2.0 and 7.0.0 through 7.0.5. This flaw may enable an attacker who possesses the encrypted keytab file to successfully decipher its contents, potentially leading to unauthorized access or exposure of sensitive information.",Fortinet,Fortinet FortiOS,2.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-09-06T15:10:19.000Z,0
CVE-2022-27491,https://securityvulnerability.io/vulnerability/CVE-2022-27491,Improper Verification Vulnerability in Fortinet FortiOS,"A vulnerability in Fortinet's FortiOS allows remote, unauthenticated attackers to exploit improper source verification in the IPS engine. This can lead to the triggering of 'blocked page' HTML data being sent to targeted victims via crafted TCP requests, potentially overwhelming them with unwanted traffic.",Fortinet,Fortinet FortiOS,6.8,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2022-09-06T15:10:10.000Z,0
CVE-2022-22299,https://securityvulnerability.io/vulnerability/CVE-2022-22299,Format String Vulnerability in Fortinet Products,"A format string vulnerability exists in the command line interpreter of multiple Fortinet products, including FortiADC, FortiOS, FortiProxy, and FortiMail. This vulnerability allows an authenticated user to exploit the issue by sending specially crafted command arguments, potentially leading to unauthorized code execution or command execution on the affected systems. This poses a significant risk to the integrity and security of the network environment, making it essential for users to ensure that all affected products are updated to secure versions.",Fortinet,"Fortinet Fortiadc, Fortiproxy, Fortimail, FortiOS",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-05T15:23:52.000Z,0
CVE-2022-23442,https://securityvulnerability.io/vulnerability/CVE-2022-23442,Access Control Flaw in FortiOS by Fortinet,"An improper access control vulnerability exists in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.5. This vulnerability could allow an authenticated attacker with limited privileges to execute specific command line interface (CLI) commands, potentially exposing checksum information of other Virtual Domains (VDOMs). This poses a significant risk as it may lead to unauthorized information disclosure, impacting the confidentiality and integrity of the system.",Fortinet,Fortinet FortiOS,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-08-03T13:20:27.000Z,0
CVE-2021-42755,https://securityvulnerability.io/vulnerability/CVE-2021-42755,Integer Overflow Vulnerability in Fortinet Products,"An integer overflow vulnerability in several Fortinet products, including FortiSwitch, FortiRecorder, FortiOS, FortiProxy, and FortiVoiceEnterprise, may allow an unauthenticated network-adjacent attacker to exploit the dhcpd daemon, potentially resulting in a denial of service. This could enable attackers to crash the service, disrupting network activities.",Fortinet,"Fortinet Fortiswitch, Fortirecorder, Fortivoiceenterprise, FortiOS, Fortiproxy",4.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2022-07-18T17:15:00.000Z,0
CVE-2022-23438,https://securityvulnerability.io/vulnerability/CVE-2022-23438,Cross-site Scripting Vulnerability in FortiOS by Fortinet,"A cross-site scripting vulnerability exists in FortiOS, where insufficient input handling can lead to XSS in the captive portal authentication replacement page. This allows unauthenticated remote attackers to execute arbitrary scripts in users' browsers, potentially compromising sensitive information or hijacking user sessions.",Fortinet,Fortinet FortiOS,4.7,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-07-18T16:40:44.000Z,0
CVE-2021-44170,https://securityvulnerability.io/vulnerability/CVE-2021-44170,Stack-based Buffer Overflow in FortiOS and FortiProxy Products,"A stack-based buffer overflow vulnerability exists in the command line interpreter of FortiOS and FortiProxy. An attacker with authenticated access can exploit this flaw by supplying specially crafted command line arguments, which could enable them to execute unauthorized code or commands, potentially compromising system integrity and confidentiality.",Fortinet,"Fortinet Fortiproxy, FortiOS",6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-18T16:35:11.000Z,0
CVE-2022-22306,https://securityvulnerability.io/vulnerability/CVE-2022-22306,Improper Certificate Validation in FortiOS Products by Fortinet,"An improper certificate validation vulnerability exists in specific versions of FortiOS, potentially enabling an unauthenticated network-adjacent attacker to conduct man-in-the-middle attacks. This flaw permits interception and manipulation of communications between FortiGate devices and peer systems, including private software-defined networks (SDNs) and external cloud services, posing significant risks to data integrity and confidentiality.",Fortinet,Fortinet FortiOS,5.4,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2022-05-24T14:35:10.000Z,0
CVE-2021-43206,https://securityvulnerability.io/vulnerability/CVE-2021-43206,Sensitive Information Disclosure in Fortinet FortiOS and FortiProxy Products,"A vulnerability in Fortinet's FortiOS and FortiProxy allows attackers to exploit server-generated error messages that disclose sensitive information. Specifically, the flaw exists in versions 7.0.0 through 7.0.3 and earlier versions of FortiOS, as well as specific FortiProxy versions. This vulnerability can be exploited by malicious web servers to retrieve client usernames and IP addresses through same-origin HTTP requests that trigger proxy-generated HTTP status code pages.",Fortinet,"Fortinet FortiOS, Fortiproxy",4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-05-04T15:25:26.000Z,0
CVE-2021-41032,https://securityvulnerability.io/vulnerability/CVE-2021-41032,Improper Access Control in Fortinet FortiOS Affects Multiple Versions,"An improper access control vulnerability in FortiOS versions 6.4.8 and earlier, as well as 7.0.3 and earlier, could enable an authenticated attacker with limited user privileges to access sensitive information and manipulate the SSL-VPN tunnel status of other Virtual Domains (VDOMs) through specific command line interface (CLI) commands. This flaw compromises the integrity of user permissions and can potentially lead to unauthorized access and modifications within the network.",Fortinet,Fortinet FortiOS,6.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-05-04T15:25:15.000Z,0
CVE-2020-15936,https://securityvulnerability.io/vulnerability/CVE-2020-15936,Improper Input Validation in Fortinet FortiGate Firewall Products,"An improper input validation vulnerability in Fortinet's FortiGate firewalls allows attackers to exploit SNI Client Hello TLS packets, potentially disclosing sensitive information. This issue affects various versions of the FortiGate firewall, specifically those earlier than 6.4.3, 6.2.5, 6.0.11, and 5.6.13. Organizations utilizing these versions should apply the necessary updates to mitigate this exposure.",Fortinet,Fortinet FortiOS,2.6,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-03-01T18:25:27.000Z,0
CVE-2021-26092,https://securityvulnerability.io/vulnerability/CVE-2021-26092,Reflected Cross-site Scripting Vulnerability in FortiOS and FortiProxy,"A vulnerability exists in the SSL VPN web portal of FortiOS and FortiProxy due to insufficient input sanitization. Attackers can exploit this flaw by sending crafted requests with malicious GET parameters to the error page, enabling them to perform reflected Cross-site Scripting (XSS) attacks. This allows for unauthorized access and control over the web portal, potentially compromising sensitive information and functionalities.",Fortinet,"Fortinet FortiOS, Fortiproxy",4.7,MEDIUM,0.0014700000174343586,false,,false,false,false,,,false,false,,2022-02-24T02:45:57.000Z,0
CVE-2021-44168,https://securityvulnerability.io/vulnerability/CVE-2021-44168,Code Execution Vulnerability in FortiOS by Fortinet,"A vulnerability exists in FortiOS that allows local authenticated attackers to download arbitrary files via the 'execute restore src-vis' command. This issue stems from the absence of integrity checks when processing specially crafted update packages, potentially compromising the security of the affected device.",Fortinet,Fortinet FortiOS,7.8,HIGH,0.0014700000174343586,true,2021-12-10T00:00:00.000Z,false,false,true,2021-12-10T00:00:00.000Z,true,false,false,,2022-01-04T12:38:04.000Z,0
CVE-2021-36169,https://securityvulnerability.io/vulnerability/CVE-2021-36169,Unauthorized Code Execution Vulnerability in Fortinet FortiOS,"A vulnerability exists in Fortinet FortiOS that permits attackers to execute unauthorized code or commands through specific hex read/write operations. This flaw affects versions 7.x before 7.0.1 and 6.4.x before 6.4.7, compromising the integrity of the affected systems. It is crucial for organizations using these software versions to apply appropriate patches and security measures to protect against potential exploitation.",Fortinet,Fortinet FortiOS,4.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-13T13:48:50.000Z,0
CVE-2021-36173,https://securityvulnerability.io/vulnerability/CVE-2021-36173,Heap-Based Buffer Overflow in FortiOS Firmware Signature Verification,"A heap-based buffer overflow vulnerability exists in the firmware signature verification function of FortiOS, affecting various versions. This flaw may enable an attacker to craft malicious installation images, potentially leading to arbitrary code execution on the affected system. Proper updates and patches are necessary to mitigate this risk.",Fortinet,Fortinet FortiOS,8,HIGH,0.0040799998678267,false,,false,false,false,,,false,false,,2021-12-08T18:42:56.000Z,0
CVE-2021-26109,https://securityvulnerability.io/vulnerability/CVE-2021-26109,Integer Overflow Vulnerability in FortiOS SSLVPN by Fortinet,"An integer overflow vulnerability exists in the memory allocator of the SSLVPN component of FortiOS, prior to version 7.0.1. This flaw may permit an unauthenticated attacker to craft malicious requests to SSLVPN, leading to potential corruption of control data on the heap and enabling the execution of arbitrary code.",Fortinet,Fortinet FortiOS,8.1,HIGH,0.0030499999411404133,false,,false,false,false,,,false,false,,2021-12-08T12:22:19.000Z,0
CVE-2021-26108,https://securityvulnerability.io/vulnerability/CVE-2021-26108,Hard-Coded Cryptographic Key Vulnerability in FortiOS SSLVPN by Fortinet,"A flaw in FortiOS SSLVPN prior to version 7.0.1 involves the use of a hard-coded cryptographic key, which may be exposed through reverse engineering. This vulnerability could potentially allow attackers to access sensitive data, compromising the security and integrity of the affected systems.",Fortinet,Fortinet FortiOS,7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2021-12-08T12:16:03.000Z,0