Page 2 of 10 results (0.003 seconds)

CVSS: 6.7EPSS: 0%CPEs: 14EXPL: 0

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. Las vulnerabilidades de copia de búfer múltiple sin verificar el tamaño de entrada ('desbordamiento del búfer clásico') [CWE-120] en FortiADC versión 7.2.0 y anteriores a 7.1.2 y FortiDDoS-F versión 6.5.0 y anteriores a 6.4.1 permiten a un atacante privilegiado ejecutar código o comandos arbitrarios a través de solicitudes CLI específicamente manipuladas. • https://fortiguard.com/psirt/FG-IR-23-064 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script. Una vulnerabilidad de control de acceso inadecuado [CWE-284] en la función de automatización FortiADC 7.1.0 a 7.1.2, 7.0 todas las versiones, 6.2 todas las versiones, 6.1 todas las versiones puede permitir que un atacante autenticado con pocos privilegios escale sus privilegios a super_admin a través de una configuración manipulada del script CLI de automatización de fabric. • https://fortiguard.com/psirt/FG-IR-22-292 • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests. • https://fortiguard.com/psirt/FG-IR-23-076 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. • https://fortiguard.com/psirt/FG-IR-23-069 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. • https://fortiguard.com/psirt/FG-IR-22-297 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •