cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-29055,https://securityvulnerability.io/vulnerability/CVE-2022-29055,Access of Uninitialized Pointer Vulnerability in FortiOS and FortiProxy by Fortinet,"An access of uninitialized pointer vulnerability in Fortinet's FortiOS and FortiProxy allows an unauthenticated or authenticated attacker to exploit the sslvpn daemon. This can lead to a crash of the service through a specially crafted HTTP GET request, compromising availability and potentially impacting operations. Users are encouraged to review their configurations and apply the necessary patches to mitigate this risk.",Fortinet,"Fortinet FortiOS, Fortiproxy",7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-10-18T15:15:00.000Z,0
CVE-2022-40684,https://securityvulnerability.io/vulnerability/CVE-2022-40684,Fortinet Authentication Bypass Vulnerability,"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",Fortinet,"Fortinet FortiOS, Fortiproxy, Fortiswitchmanager",9.8,CRITICAL,0.9724299907684326,true,2022-10-11T00:00:00.000Z,false,true,true,2022-10-11T00:00:00.000Z,true,false,false,,2022-10-18T00:00:00.000Z,46
CVE-2022-22299,https://securityvulnerability.io/vulnerability/CVE-2022-22299,Format String Vulnerability in Fortinet Products,"A format string vulnerability exists in the command line interpreter of multiple Fortinet products, including FortiADC, FortiOS, FortiProxy, and FortiMail. This vulnerability allows an authenticated user to exploit the issue by sending specially crafted command arguments, potentially leading to unauthorized code execution or command execution on the affected systems. This poses a significant risk to the integrity and security of the network environment, making it essential for users to ensure that all affected products are updated to secure versions.",Fortinet,"Fortinet Fortiadc, Fortiproxy, Fortimail, FortiOS",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-05T15:23:52.000Z,0
CVE-2021-42755,https://securityvulnerability.io/vulnerability/CVE-2021-42755,Integer Overflow Vulnerability in Fortinet Products,"An integer overflow vulnerability in several Fortinet products, including FortiSwitch, FortiRecorder, FortiOS, FortiProxy, and FortiVoiceEnterprise, may allow an unauthenticated network-adjacent attacker to exploit the dhcpd daemon, potentially resulting in a denial of service. This could enable attackers to crash the service, disrupting network activities.",Fortinet,"Fortinet Fortiswitch, Fortirecorder, Fortivoiceenterprise, FortiOS, Fortiproxy",4.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2022-07-18T17:15:00.000Z,0
CVE-2021-44170,https://securityvulnerability.io/vulnerability/CVE-2021-44170,Stack-based Buffer Overflow in FortiOS and FortiProxy Products,"A stack-based buffer overflow vulnerability exists in the command line interpreter of FortiOS and FortiProxy. An attacker with authenticated access can exploit this flaw by supplying specially crafted command line arguments, which could enable them to execute unauthorized code or commands, potentially compromising system integrity and confidentiality.",Fortinet,"Fortinet Fortiproxy, FortiOS",6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-18T16:35:11.000Z,0
CVE-2021-43206,https://securityvulnerability.io/vulnerability/CVE-2021-43206,Sensitive Information Disclosure in Fortinet FortiOS and FortiProxy Products,"A vulnerability in Fortinet's FortiOS and FortiProxy allows attackers to exploit server-generated error messages that disclose sensitive information. Specifically, the flaw exists in versions 7.0.0 through 7.0.3 and earlier versions of FortiOS, as well as specific FortiProxy versions. This vulnerability can be exploited by malicious web servers to retrieve client usernames and IP addresses through same-origin HTTP requests that trigger proxy-generated HTTP status code pages.",Fortinet,"Fortinet FortiOS, Fortiproxy",4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-05-04T15:25:26.000Z,0
CVE-2021-26092,https://securityvulnerability.io/vulnerability/CVE-2021-26092,Reflected Cross-site Scripting Vulnerability in FortiOS and FortiProxy,"A vulnerability exists in the SSL VPN web portal of FortiOS and FortiProxy due to insufficient input sanitization. Attackers can exploit this flaw by sending crafted requests with malicious GET parameters to the error page, enabling them to perform reflected Cross-site Scripting (XSS) attacks. This allows for unauthorized access and control over the web portal, potentially compromising sensitive information and functionalities.",Fortinet,"Fortinet FortiOS, Fortiproxy",4.7,MEDIUM,0.0014700000174343586,false,,false,false,false,,,false,false,,2022-02-24T02:45:57.000Z,0
CVE-2021-26110,https://securityvulnerability.io/vulnerability/CVE-2021-26110,Improper Access Control in FortiOS and FortiProxy Products,"An improper access control vulnerability exists in FortiOS autod daemon and FortiProxy products, which may permit a low-privileged authenticated attacker to escalate privileges to super_admin. This can occur through a specifically crafted configuration of fabric automation CLI scripts and auto-script features, potentially compromising device integrity and security. Users are encouraged to review their configurations and apply the necessary patches to mitigate this risk.",Fortinet,"Fortinet FortiOS, Fortiproxy",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-08T10:41:25.000Z,0
CVE-2019-17656,https://securityvulnerability.io/vulnerability/CVE-2019-17656,Stack-based Buffer Overflow in Fortinet's FortiOS and FortiProxy Service,"A Stack-based Buffer Overflow vulnerability exists in the HTTPD daemon of Fortinet products including FortiOS and FortiProxy, specifically affecting versions 6.0.10 and below, 6.2.2 and below for FortiOS, and multiple versions of FortiProxy. This vulnerability allows an authenticated remote attacker to potentially crash the service by sending a specially crafted malformed PUT request. While Fortinet has not confirmed any successful exploitation leading to code execution, the threat remains significant for affected users and organizations relying on these services.",Fortinet,"Fortinet Fortiproxy, FortiOS",5.4,MEDIUM,0.0014400000218302011,false,,false,false,false,,,false,false,,2021-04-12T14:14:42.000Z,0
CVE-2019-17655,https://securityvulnerability.io/vulnerability/CVE-2019-17655,Cleartext Storage Vulnerability in FortiOS SSL VPN and FortiProxy Products,"A vulnerability exists in certain versions of FortiOS SSL VPN and FortiProxy where user credentials are stored in cleartext. If an attacker gains access to the device's file system, they may retrieve sensitive login information of sessions, posing a significant risk to user security and data integrity. This issue affects multiple versions, which raises concerns for organizations using these solutions for secure remote access.",Fortinet,Fortinet FortiOS And Fortiproxy,5.3,MEDIUM,0.0017800000496208668,false,,false,false,false,,,false,false,,2020-06-16T20:14:55.000Z,0
CVE-2018-13382,https://securityvulnerability.io/vulnerability/CVE-2018-13382,Improper Authorization Vulnerability in Fortinet FortiOS and FortiProxy,"An improper authorization vulnerability exists in Fortinet FortiOS versions between 6.0.0 and 6.0.4, as well as earlier versions from 5.4.1 to 5.4.10 and 5.6.0 to 5.6.8. This vulnerability affects the SSL VPN web portal, allowing an unauthenticated attacker to modify user passwords through specially crafted HTTP requests. The exploitation of this flaw could lead to unauthorized access to user accounts, posing a significant risk to the security of the affected systems.",Fortinet,"Fortinet FortiOS, Fortiproxy",7.5,HIGH,0.4861699938774109,true,2022-01-10T00:00:00.000Z,false,true,true,2021-04-28T19:17:04.000Z,true,false,false,,2019-06-04T20:33:53.000Z,0
CVE-2018-13381,https://securityvulnerability.io/vulnerability/CVE-2018-13381,Buffer Overflow Vulnerability in Fortinet FortiOS and FortiProxy Products,"A buffer overflow vulnerability exists in Fortinet FortiOS versions 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, and 5.4 and earlier, along with FortiProxy versions 2.0.0 and 1.2.8 and earlier. This flaw is found in the SSL VPN web portal, where an unauthenticated attacker can exploit the vulnerability using specially crafted message payloads. Successful exploitation can lead to a Denial-of-Service attack, potentially compromising system availability.",Fortinet,Fortinet FortiOS And Fortiproxy,5.3,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2019-06-04T20:26:34.000Z,0
CVE-2018-13379,https://securityvulnerability.io/vulnerability/CVE-2018-13379,Path Traversal Vulnerability in Fortinet FortiOS and FortiProxy Products,"An improper limitation of a pathname to a restricted directory exists in Fortinet's FortiOS and FortiProxy products. This flaw, found in versions 6.0.0 through 6.0.4, 5.6.3 through 5.6.7, and 5.4.6 through 5.4.12 for FortiOS, as well as various versions of FortiProxy, allows unauthenticated attackers to exploit the SSL VPN web portal. By crafting specific HTTP resource requests, attackers can gain unauthorized access to system files, posing a significant threat to the integrity and confidentiality of sensitive information.",Fortinet,"Fortinet FortiOS, Fortiproxy",9.8,CRITICAL,0.9692400097846985,true,2021-11-03T00:00:00.000Z,false,true,true,2021-11-03T00:00:00.000Z,true,false,false,,2019-06-04T20:18:08.000Z,0
CVE-2018-13380,https://securityvulnerability.io/vulnerability/CVE-2018-13380,Cross-site Scripting Vulnerability in Fortinet FortiOS and FortiProxy,"A Cross-site Scripting (XSS) vulnerability exists in Fortinet's FortiOS and FortiProxy products that could allow an attacker to execute unauthorized script code. This risk arises from improper handling of error messages and parameters within the SSL VPN web portal, affecting several versions of the software. Exploitation of this vulnerability could lead to significant security concerns, including data theft and unauthorized access to sensitive user information.",Fortinet,Fortinet FortiOS And Fortiproxy,4.7,MEDIUM,0.01978999935090542,false,,false,false,false,,,false,false,,2019-06-04T20:12:06.000Z,0
CVE-2018-13383,https://securityvulnerability.io/vulnerability/CVE-2018-13383,Heap Buffer Overflow in Fortinet FortiOS and FortiProxy Products,"A heap buffer overflow vulnerability exists in Fortinet FortiOS and FortiProxy products affecting the SSL VPN web portal. This flaw arises from improper handling of JavaScript href data while proxying web pages, potentially leading to service termination for logged-in users.",Fortinet,Fortinet FortiOS And Fortiproxy,6.5,MEDIUM,0.013650000095367432,true,2022-01-10T00:00:00.000Z,false,true,true,2022-01-10T00:00:00.000Z,,false,false,,2019-05-29T17:20:03.000Z,0