cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-26102,https://securityvulnerability.io/vulnerability/CVE-2021-26102,Relative Path Traversal Vulnerability in FortiWAN Products,"CVE-2021-26102 is a critical relative path traversal vulnerability in FortiWAN that affects versions 4.5.7 and below as well as all versions of 4.4. This vulnerability enables a remote, non-authenticated attacker to exploit the system through crafted POST requests, leading to the deletion of specific configuration files. Such unauthorized access can reset the admin password to its factory default, posing significant risks to system security and management. Immediate action is recommended to mitigate these risks.",Fortinet,Fortiwan,9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-12-19T13:56:38.177Z,0
CVE-2021-26115,https://securityvulnerability.io/vulnerability/CVE-2021-26115,OS Command Injection Vulnerability in FortiWAN Products,"CVE-2021-26115 is a high-severity OS command injection vulnerability affecting FortiWAN versions 4.5.7 and earlier. This security flaw resides in the Command Line Interface (CLI), enabling local, authenticated, and unprivileged attackers to execute specially-crafted commands. By exploiting this vulnerability, attackers can escalate their privileges to root, potentially gaining unauthorized access and control over affected systems. It is crucial for users and administrators of FortiWAN products to apply available patches and mitigate risks associated with this vulnerability. For more detailed information, refer to Fortinet's official advisory at [FortiGuard](https://fortiguard.fortinet.com/psirt/FG-IR-21-069).",Fortinet,Fortiwan,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T10:57:54.695Z,0
CVE-2023-44251,https://securityvulnerability.io/vulnerability/CVE-2023-44251,Path Traversal Vulnerability in Fortinet FortiWAN Product,"A path traversal vulnerability in Fortinet's FortiWAN allows an authenticated attacker to manipulate file paths in HTTP/HTTPS requests. This could enable unauthorized access to sensitive files or allow for their deletion. The issue affects specific versions of FortiWAN, highlighting the need for users to patch their installations and conduct thorough security audits.",Fortinet,FortiWAN,8.1,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2023-12-13T09:15:00.000Z,0
CVE-2023-44252,https://securityvulnerability.io/vulnerability/CVE-2023-44252,Improper Authentication in Fortinet FortiWAN Products,"An improper authentication vulnerability has been identified in Fortinet FortiWAN versions 5.1.1 through 5.1.2 and 5.2.0 through 5.2.1, allowing an authenticated attacker to exploit this weakness. Through crafted JWT token values sent via HTTP or HTTPS requests, the attacker may escalate their privileges, potentially gaining unauthorized access to sensitive functions within the FortiWAN product. It is crucial for organizations using affected versions to apply immediate remediation to mitigate any risks associated with this vulnerability.",Fortinet,FortiWAN,8.6,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-12-13T09:15:00.000Z,0
CVE-2022-33869,https://securityvulnerability.io/vulnerability/CVE-2022-33869,OS Command Injection Vulnerability in FortiWAN by Fortinet,"An OS command injection vulnerability exists in the management interface of FortiWAN, allowing an authenticated attacker to execute arbitrary commands. By sending specially crafted arguments to existing command functions, the attacker may manipulate the system's command execution flow, potentially leading to unauthorized actions within the affected FortiWAN versions. This vulnerability affects FortiWAN versions from 4.0.0 to 4.5.9, urging users to apply security patches and follow best practices to mitigate risks.",Fortinet,Fortiwan,8,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2023-02-16T18:07:38.200Z,0
CVE-2021-26113,https://securityvulnerability.io/vulnerability/CVE-2021-26113,Password Guessing Vulnerability in FortiWAN by Fortinet,"In FortiWAN versions before 4.5.9, a vulnerability exists due to the use of a one-way hash with a predictable salt. This could allow an attacker, who has previously obtained the password file, to potentially guess the stored passwords, compromising the security of the affected systems.",Fortinet,Fortinet Fortiwan,6.2,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2022-04-06T16:00:57.000Z,0
CVE-2021-32585,https://securityvulnerability.io/vulnerability/CVE-2021-32585,Stored Cross-Site Scripting Vulnerability in FortiWAN by Fortinet,"An input validation flaw in FortiWAN prior to version 4.5.9 allows attackers to inject malicious scripts into web pages through specially crafted HTTP requests. This vulnerability can lead to stored cross-site scripting attacks, compromising user data and overall web application security. Implementing proper input sanitization and updating to the latest version is essential to mitigate this risk.",Fortinet,Fortinet Fortiwan,7.2,HIGH,0.0017999999690800905,false,,false,false,false,,,false,false,,2022-04-06T16:00:40.000Z,0
CVE-2021-32593,https://securityvulnerability.io/vulnerability/CVE-2021-32593,Cryptographic Algorithm Vulnerability in FortiWAN by Fortinet,"A vulnerability in the Dynamic Tunnel Protocol of FortiWAN versions before 4.5.9 allows an unauthenticated remote attacker to exploit a broken cryptographic algorithm. This flaw can enable the attacker to decrypt and forge communications within the protocol, potentially compromising the integrity and confidentiality of the data being transmitted.",Fortinet,Fortinet Fortiwan,6.5,MEDIUM,0.001500000013038516,false,,false,false,false,,,false,false,,2022-04-06T09:15:31.000Z,0
CVE-2021-24009,https://securityvulnerability.io/vulnerability/CVE-2021-24009,Improper Input Validation in FortiWAN Web GUI Allows Command Execution,"Multiple instances of improper input validation in the Web GUI of FortiWAN before version 4.5.9 create vulnerabilities that allow an authenticated attacker to inject and execute arbitrary OS commands. This can be achieved through specially crafted HTTP requests that exploit these weaknesses, potentially compromising the underlying system.",Fortinet,Fortinet Fortiwan,7.2,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2022-04-06T09:15:26.000Z,0
CVE-2021-26114,https://securityvulnerability.io/vulnerability/CVE-2021-26114,SQL Injection Vulnerability in FortiWAN by Fortinet,"Multiple vulnerabilities in FortiWAN prior to version 4.5.9 enable an unauthenticated attacker to exploit improper neutralization of special elements in SQL commands. This could allow unauthorized command execution through specially crafted HTTP requests, posing significant security risks to affected systems.",Fortinet,Fortinet Fortiwan,9.8,CRITICAL,0.004660000093281269,false,,false,false,false,,,false,false,,2022-04-06T09:15:21.000Z,0
CVE-2021-26112,https://securityvulnerability.io/vulnerability/CVE-2021-26112,Stack-based Buffer Overflow in FortiWAN by Fortinet,"Multiple stack-based buffer overflow vulnerabilities exist in the network daemons and command line interpreter of FortiWAN prior to version 4.5.9. These vulnerabilities enable an unauthenticated attacker to craft specific requests that may lead to potential corruption of control data in memory, resulting in the execution of arbitrary code.",Fortinet,Fortinet Fortiwan,8.1,HIGH,0.0036299999337643385,false,,false,false,false,,,false,false,,2022-04-06T09:15:15.000Z,0
CVE-2016-4967,https://securityvulnerability.io/vulnerability/CVE-2016-4967,,Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.,Fortinet,Fortiwan,6.5,MEDIUM,0.0015899999998509884,false,,false,false,false,,,false,false,,2016-09-21T14:00:00.000Z,0
CVE-2016-4965,https://securityvulnerability.io/vulnerability/CVE-2016-4965,,Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.,Fortinet,Fortiwan,8.8,HIGH,0.009200000204145908,false,,false,false,false,,,false,false,,2016-09-21T14:00:00.000Z,0
CVE-2016-4969,https://securityvulnerability.io/vulnerability/CVE-2016-4969,,Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.,Fortinet,Fortiwan,6.1,MEDIUM,0.0013699999544769526,false,,false,false,false,,,false,false,,2016-09-21T14:00:00.000Z,0
CVE-2016-4966,https://securityvulnerability.io/vulnerability/CVE-2016-4966,,The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.,Fortinet,Fortiwan,6.5,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2016-09-21T14:00:00.000Z,0
CVE-2016-4968,https://securityvulnerability.io/vulnerability/CVE-2016-4968,,The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.,Fortinet,Fortiwan,6.5,MEDIUM,0.0015899999998509884,false,,false,false,false,,,false,false,,2016-09-21T14:00:00.000Z,0