cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2023-40716,https://securityvulnerability.io/vulnerability/CVE-2023-40716,Improper Neutralization Vulnerability in FortiTester by Fortinet,"An improper neutralization in the command line interpreter of FortiTester enables authenticated attackers to execute unauthorized commands. By crafting specific arguments during operations like restore or backup, an attacker can exploit this vulnerability, potentially gaining control over the affected system.",Fortinet,FortiTester,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-12-13T07:15:00.000Z,0
CVE-2023-40715,https://securityvulnerability.io/vulnerability/CVE-2023-40715,Cleartext Storage Vulnerability in FortiTester by Fortinet,"A cleartext storage of sensitive information vulnerability has been identified in FortiTester versions 2.3.0 through 7.2.3. This issue could allow an unauthorized attacker, with access to the database contents, to compromise system integrity by retrieving plaintext passwords of external servers that have been configured within the FortiTester device. Proper measures should be taken to secure sensitive data storage to prevent such risks.",Fortinet,Fortitester,5.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-13T13:15:00.000Z,0
CVE-2023-36642,https://securityvulnerability.io/vulnerability/CVE-2023-36642,OS Command Injection Vulnerability in FortiTester by Fortinet,"The vulnerability in FortiTester affects versions from 3.0.0 through 7.2.3, allowing authenticated attackers to exploit improper neutralization of special elements used in OS commands. By crafting specific arguments to existing commands, attackers can execute unauthorized commands through the management interface, posing a threat to the integrity and security of the system. This highlights the critical need for timely patches and security measures to mitigate risks associated with command injection attacks.",Fortinet,FortiTester,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-13T13:15:00.000Z,0
CVE-2023-40717,https://securityvulnerability.io/vulnerability/CVE-2023-40717,Use of Hard-Coded Credentials in FortiTester Products,"A vulnerability exists in FortiTester versions 2.3.0 through 7.2.3 due to the presence of hard-coded credentials. An attacker who gains shell access to the device could exploit this weakness to execute shell commands for unauthorized database access, potentially compromising sensitive data and system integrity.",Fortinet,Fortitester,5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-13T13:15:00.000Z,0
CVE-2022-35845,https://securityvulnerability.io/vulnerability/CVE-2022-35845,OS Command Injection Vulnerability in FortiTester by Fortinet,"Multiple improper neutralization occurrences of special elements used in OS commands have been identified in FortiTester. These flaws could permit an authenticated attacker to execute arbitrary commands in the system's underlying shell, potentially leading to a breach of system integrity. Administrators are encouraged to review affected versions and apply necessary measures to mitigate these risks.",Fortinet,Fortitester,7.6,HIGH,0.0013599999947473407,false,,false,false,false,,,false,false,,2023-01-03T16:57:58.754Z,0
CVE-2022-33870,https://securityvulnerability.io/vulnerability/CVE-2022-33870,Command Injection Vulnerability in FortiTester by Fortinet,"An improper neutralization of special elements used in an OS command vulnerability exists in the command line interpreter of FortiTester, allowing an authenticated attacker to execute unauthorized commands. By sending specifically crafted arguments to existing commands, attackers can exploit this vulnerability, potentially leading to system compromise and unauthorized access. It is crucial for Fortinet users to review the affected versions and apply necessary patches to mitigate risks associated with this vulnerability.",Fortinet,Fortinet Fortitester,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-38372,https://securityvulnerability.io/vulnerability/CVE-2022-38372,Hidden Functionality Vulnerability in FortiTester by Fortinet,"FortiTester, a testing and service validation tool from Fortinet, is susceptible to a local privilege escalation vulnerability. This issue arises from a hidden functionality accessible via undocumented commands within the FortiTester CLI across various versions. A local, privileged user can exploit this flaw to gain unauthorized root shell access on the device, potentially compromising the system's integrity and exposing sensitive information. For more information, refer to Fortinet's official advisory.",Fortinet,Fortinet Fortitester,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-33874,https://securityvulnerability.io/vulnerability/CVE-2022-33874,OS Command Injection Vulnerability in FortiTester by Fortinet,"A vulnerability exists in the SSH login components of FortiTester, affecting various versions, allowing an unauthenticated remote attacker to execute arbitrary commands in the underlying shell due to improper neutralization of special elements. This flaw can be exploited to potentially gain unauthorized access and control over the system.",Fortinet,Fortinet Fortitester,9.8,CRITICAL,0.002520000096410513,false,,false,false,false,,,false,false,,2022-10-18T15:15:00.000Z,0
CVE-2022-35846,https://securityvulnerability.io/vulnerability/CVE-2022-35846,Excessive Authentication Attempts in FortiTester Products by Fortinet,"FortiTester products have a vulnerability that improperly restricts excessive authentication attempts, allowing unauthenticated attackers to execute brute force attacks to guess admin credentials. This flaw affects multiple versions, emphasizing the need for users to limit the access and utilize additional security measures to protect their administrative interfaces.",Fortinet,Fortinet Fortitester,8.1,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2022-10-18T14:15:00.000Z,0
CVE-2022-35844,https://securityvulnerability.io/vulnerability/CVE-2022-35844,Command Injection Vulnerability in FortiTester Management Interface by Fortinet,"An OS command injection vulnerability exists in the management interface of FortiTester, affecting multiple versions from 2.3.0 through 7.1.0. This flaw allows an authenticated attacker to execute unauthorized commands by providing specially crafted arguments to the commands of the certificate import feature. Proper security measures should be implemented to mitigate the risks associated with this vulnerability. For detailed information, refer to Fortinet's advisory.",Fortinet,Fortinet Fortitester,6.7,MEDIUM,0.001180000021122396,false,,false,false,false,,,false,false,,2022-10-18T14:15:00.000Z,0
CVE-2022-33873,https://securityvulnerability.io/vulnerability/CVE-2022-33873,OS Command Injection Vulnerability in FortiTester by Fortinet,"An OS Command Injection vulnerability exists in the Console login component of FortiTester versions 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0. This flaw can be exploited by unauthenticated attackers to execute arbitrary commands within the underlying shell environment. If successfully exploited, this could lead to unauthorized access and control over the system, potentially compromising sensitive data and functionalities.",Fortinet,Fortinet Fortitester,6.8,MEDIUM,0.001879999996162951,false,,false,false,false,,,false,false,,2022-10-10T00:00:00.000Z,0
CVE-2022-33872,https://securityvulnerability.io/vulnerability/CVE-2022-33872,OS Command Injection Vulnerability in FortiTester by Fortinet,"The vulnerability exists in the Telnet login components of FortiTester, where improper handling of special elements permits an unauthenticated remote attacker to inject arbitrary commands into the underlying operating system shell. This significant flaw could lead to unauthorized execution of commands, putting sensitive data and system integrity at risk, necessitating immediate attention and remediation.",Fortinet,Fortinet Fortitester,9.8,CRITICAL,0.002520000096410513,false,,false,false,false,,,false,false,,2022-10-10T00:00:00.000Z,0
CVE-2020-12815,https://securityvulnerability.io/vulnerability/CVE-2020-12815,Improper Input Neutralization in FortiTester by Fortinet,"An input validation vulnerability in FortiTester prior to version 3.9.0 allows remote authenticated attackers to inject malicious HTML scripts through IPv4 and IPv6 address fields, potentially leading to unauthorized actions and data exposure.",Fortinet,Fortinet Fortitester,5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-09-24T13:33:14.000Z,0