cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-26102,https://securityvulnerability.io/vulnerability/CVE-2021-26102,Relative Path Traversal Vulnerability in FortiWAN Products,"CVE-2021-26102 is a critical relative path traversal vulnerability in FortiWAN that affects versions 4.5.7 and below as well as all versions of 4.4. This vulnerability enables a remote, non-authenticated attacker to exploit the system through crafted POST requests, leading to the deletion of specific configuration files. Such unauthorized access can reset the admin password to its factory default, posing significant risks to system security and management. Immediate action is recommended to mitigate these risks.",Fortinet,Fortiwan,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T13:56:38.177Z,0
CVE-2021-26115,https://securityvulnerability.io/vulnerability/CVE-2021-26115,OS Command Injection Vulnerability in FortiWAN Products,"CVE-2021-26115 is a high-severity OS command injection vulnerability affecting FortiWAN versions 4.5.7 and earlier. This security flaw resides in the Command Line Interface (CLI), enabling local, authenticated, and unprivileged attackers to execute specially-crafted commands. By exploiting this vulnerability, attackers can escalate their privileges to root, potentially gaining unauthorized access and control over affected systems. It is crucial for users and administrators of FortiWAN products to apply available patches and mitigate risks associated with this vulnerability. For more detailed information, refer to Fortinet's official advisory at [FortiGuard](https://fortiguard.fortinet.com/psirt/FG-IR-21-069).",Fortinet,Fortiwan,7.6,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T10:57:54.695Z,0
CVE-2023-44251,https://securityvulnerability.io/vulnerability/CVE-2023-44251,Path Traversal Vulnerability in Fortinet FortiWAN Product,"A path traversal vulnerability in Fortinet's FortiWAN allows an authenticated attacker to manipulate file paths in HTTP/HTTPS requests. This could enable unauthorized access to sensitive files or allow for their deletion. The issue affects specific versions of FortiWAN, highlighting the need for users to patch their installations and conduct thorough security audits.",Fortinet,FortiWAN,8.1,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2023-12-13T09:15:00.000Z,0
CVE-2023-44252,https://securityvulnerability.io/vulnerability/CVE-2023-44252,Improper Authentication in Fortinet FortiWAN Products,"An improper authentication vulnerability has been identified in Fortinet FortiWAN versions 5.1.1 through 5.1.2 and 5.2.0 through 5.2.1, allowing an authenticated attacker to exploit this weakness. Through crafted JWT token values sent via HTTP or HTTPS requests, the attacker may escalate their privileges, potentially gaining unauthorized access to sensitive functions within the FortiWAN product. It is crucial for organizations using affected versions to apply immediate remediation to mitigate any risks associated with this vulnerability.",Fortinet,FortiWAN,8.6,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-12-13T09:15:00.000Z,0
CVE-2022-33869,https://securityvulnerability.io/vulnerability/CVE-2022-33869,OS Command Injection Vulnerability in FortiWAN by Fortinet,"An OS command injection vulnerability exists in the management interface of FortiWAN, allowing an authenticated attacker to execute arbitrary commands. By sending specially crafted arguments to existing command functions, the attacker may manipulate the system's command execution flow, potentially leading to unauthorized actions within the affected FortiWAN versions. This vulnerability affects FortiWAN versions from 4.0.0 to 4.5.9, urging users to apply security patches and follow best practices to mitigate risks.",Fortinet,Fortiwan,8,HIGH,0.001180000021122396,false,false,false,false,,false,false,2023-02-16T18:07:38.200Z,0
CVE-2021-26113,https://securityvulnerability.io/vulnerability/CVE-2021-26113,,A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.,Fortinet,Fortinet Fortiwan,6.2,MEDIUM,0.0016799999866634607,false,false,false,false,,false,false,2022-04-06T16:00:57.000Z,0
CVE-2021-32585,https://securityvulnerability.io/vulnerability/CVE-2021-32585,,An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests.,Fortinet,Fortinet Fortiwan,7.2,HIGH,0.0017999999690800905,false,false,false,false,,false,false,2022-04-06T16:00:40.000Z,0
CVE-2021-32593,https://securityvulnerability.io/vulnerability/CVE-2021-32593,,A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages.,Fortinet,Fortinet Fortiwan,6.5,MEDIUM,0.001500000013038516,false,false,false,false,,false,false,2022-04-06T09:15:31.000Z,0
CVE-2021-24009,https://securityvulnerability.io/vulnerability/CVE-2021-24009,,Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests.,Fortinet,Fortinet Fortiwan,7.2,HIGH,0.0010900000343099236,false,false,false,false,,false,false,2022-04-06T09:15:26.000Z,0
CVE-2021-26114,https://securityvulnerability.io/vulnerability/CVE-2021-26114,,Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.,Fortinet,Fortinet Fortiwan,9.8,CRITICAL,0.004660000093281269,false,false,false,false,,false,false,2022-04-06T09:15:21.000Z,0
CVE-2021-26112,https://securityvulnerability.io/vulnerability/CVE-2021-26112,,Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests.,Fortinet,Fortinet Fortiwan,8.1,HIGH,0.0036299999337643385,false,false,false,false,,false,false,2022-04-06T09:15:15.000Z,0
CVE-2016-4966,https://securityvulnerability.io/vulnerability/CVE-2016-4966,,The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.,Fortinet,Fortiwan,6.5,MEDIUM,0.0013800000306218863,false,false,false,false,,false,false,2016-09-21T14:00:00.000Z,0
CVE-2016-4967,https://securityvulnerability.io/vulnerability/CVE-2016-4967,,Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.,Fortinet,Fortiwan,6.5,MEDIUM,0.0015899999998509884,false,false,false,false,,false,false,2016-09-21T14:00:00.000Z,0
CVE-2016-4969,https://securityvulnerability.io/vulnerability/CVE-2016-4969,,Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.,Fortinet,Fortiwan,6.1,MEDIUM,0.0013699999544769526,false,false,false,false,,false,false,2016-09-21T14:00:00.000Z,0
CVE-2016-4965,https://securityvulnerability.io/vulnerability/CVE-2016-4965,,Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.,Fortinet,Fortiwan,8.8,HIGH,0.009200000204145908,false,false,false,false,,false,false,2016-09-21T14:00:00.000Z,0
CVE-2016-4968,https://securityvulnerability.io/vulnerability/CVE-2016-4968,,The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.,Fortinet,Fortiwan,6.5,MEDIUM,0.0015899999998509884,false,false,false,false,,false,false,2016-09-21T14:00:00.000Z,0