cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2021-26093,https://securityvulnerability.io/vulnerability/CVE-2021-26093,Local Access Control Vulnerability in Fortinet's Wireless Controller Products,"CVE-2021-26093 describes a vulnerability within Fortinet's FortiWLC wireless controller software, specifically versions 8.6.0, 8.5.3, and prior releases. This security flaw involves an uninitialized pointer access (CWE-824), which could empower a local and authenticated attacker to execute specially crafted CLI commands. By doing so, the attacker could potentially crash the managed access point, leading to significant disruptions in network reliability and availability. Organizations using impacted versions are strongly advised to assess their vulnerability management protocols and apply recommended patches to safeguard their network environments.",Fortinet,Fortiwlc,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T07:47:44.394Z,0
CVE-2021-42758,https://securityvulnerability.io/vulnerability/CVE-2021-42758,Improper Access Control Vulnerability in FortiWLC by Fortinet,"An improper access control vulnerability in FortiWLC allows authenticated, low-privileged attackers to gain admin-level access and execute commands by circumventing GUI restrictions. This exposes systems to potential unauthorized changes and command execution, increasing the risk of malicious activities within the network.",Fortinet,Fortinet Fortiwlc,8.8,HIGH,0.0022499999031424522,false,,false,false,false,,,false,false,,2021-12-08T10:53:03.000Z,0
CVE-2020-9288,https://securityvulnerability.io/vulnerability/CVE-2020-9288,Stored Cross Site Scripting Vulnerability in FortiWLC by Fortinet,"An improper neutralization of input in FortiWLC version 8.5.1 can be exploited by a remote authenticated attacker. This vulnerability allows the attacker to conduct a stored cross site scripting (XSS) attack through the ESS profile or the Radius Profile, potentially leading to the execution of malicious scripts in the context of the affected user.",Fortinet,Fortinet Fortiwlc,5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-06-22T15:14:43.000Z,0
CVE-2017-17540,https://securityvulnerability.io/vulnerability/CVE-2017-17540,,The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.,Fortinet,Fortiwlc,9.8,CRITICAL,0.0018899999558925629,false,,false,false,false,,,false,false,,2018-05-08T04:29:00.000Z,0
CVE-2017-17539,https://securityvulnerability.io/vulnerability/CVE-2017-17539,,The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.,Fortinet,Fortiwlc,9.8,CRITICAL,0.0018899999558925629,false,,false,false,false,,,false,false,,2018-05-08T04:29:00.000Z,0
CVE-2017-7335,https://securityvulnerability.io/vulnerability/CVE-2017-7335,,"A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters ""refresh"" and ""branchtotable"" present in HTTP POST requests.",Fortinet,Fortiwlc,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2017-10-26T13:00:00.000Z,0
CVE-2017-7341,https://securityvulnerability.io/vulnerability/CVE-2017-7341,,"An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.",Fortinet,Fortiwlc,7.2,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2017-10-26T13:00:00.000Z,0
CVE-2017-3134,https://securityvulnerability.io/vulnerability/CVE-2017-3134,,An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.,Fortinet,Fortinet Fortiwlc-sd,7.2,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2017-05-27T00:29:00.000Z,0
CVE-2016-8491,https://securityvulnerability.io/vulnerability/CVE-2016-8491,,The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.,Fortinet,Fortinet Fortiwlc,9.1,CRITICAL,0.0015399999683722854,false,,false,false,false,,,false,false,,2017-02-01T17:00:00.000Z,0
CVE-2016-7560,https://securityvulnerability.io/vulnerability/CVE-2016-7560,,"The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.",Fortinet,Fortiwlc,9.8,CRITICAL,0.0033199999015778303,false,,false,false,false,,,false,false,,2016-10-05T16:00:00.000Z,0
CVE-2016-7561,https://securityvulnerability.io/vulnerability/CVE-2016-7561,,"Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.",Fortinet,Fortiwlc,7.2,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2016-10-05T16:00:00.000Z,0