CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-27482
https://notcve.org/view.php?id=CVE-2022-27482
16 Feb 2023 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands. A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary she... • https://fortiguard.com/psirt/FG-IR-22-046 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 6EXPL: 0CVE-2022-39947
https://notcve.org/view.php?id=CVE-2022-39947
03 Jan 2023 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-33875
https://notcve.org/view.php?id=CVE-2022-33875
06 Dec 2022 — An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Una neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de Comando SQL ("Inyección SQL") en Fortinet FortiADC versión 7.1.0, versión 7.0.0 a 7.0.2 y versión 6.2.4 y anterior... • https://fortiguard.com/psirt/FG-IR-22-252 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-33876
https://notcve.org/view.php?id=CVE-2022-33876
06 Dec 2022 — Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. Múltiples instancias de vulnerabilidad de validación de entrada incorrecta en Fortinet FortiADC versión 7.1.0, versión 7.0.0 a 7.0.2 y versión 6.2.4 y anteriores permiten a un atacante autenticado recuperar archivos con una... • https://fortiguard.com/psirt/FG-IR-22-253 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 10%CPEs: 2EXPL: 2CVE-2022-38374
https://notcve.org/view.php?id=CVE-2022-38374
02 Nov 2022 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews. Una neutralización inadecuada de la entrada durante la generación de la página web ("cross-site scripting") en Fortinet FortiADC 7.0.0 - 7.0.2 y 6.2.0 - 6.2.4 permite a un atacante ejecutar código o comandos no autorizados a través de la UR... • https://github.com/azhurtanov/CVE-2022-38374 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-38381
https://notcve.org/view.php?id=CVE-2022-38381
02 Nov 2022 — An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. Existe un manejo inadecuado de la vulnerabilidad de solicitud con formato incorrecto [CWE-228] en FortiADC 5.0 todas las versiones, 6.0.0 toda... • https://fortiguard.com/psirt/FG-IR-22-234 •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35851
https://notcve.org/view.php?id=CVE-2022-35851
02 Nov 2022 — An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address. Una neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web [CWE-79] en la interfaz de administración FortiADC 7.1.0 puede permitir que un atacante remoto y autenticado desencadene un ataque de cross ... • https://fortiguard.com/psirt/FG-IR-22-314 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43076
https://notcve.org/view.php?id=CVE-2021-43076
06 Sep 2022 — An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access. Una vulnerabilidad de administración inapropiada de privilegios [CWE-269] en FortiADC versiones 6.2.1 y anteriores, 6.1.5 y anteriores, 6.0.4 y anteriores, 5.4.5 y anteriores y 5.3.7 y anteriores, puede permitir que un atacan... • https://fortiguard.com/psirt/FG-IR-21-215 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-22299
https://notcve.org/view.php?id=CVE-2022-22299
05 Aug 2022 — A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS v... • https://fortiguard.com/psirt/FG-IR-21-235 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27484
https://notcve.org/view.php?id=CVE-2022-27484
03 Aug 2022 — A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. Un cambio de contraseña no verificado en Fortinet FortiADC versiones 6.2.0 hasta 6.2.3, 6.1.x, 6.0.x, 5.x.x, permite a un atacante autenticado omitir la comprobación de la contraseña antigua en el formulario de cambio de contraseña por medio de una petición HTTP diseñada • https://fortiguard.com/psirt/FG-IR-22-055 • CWE-287: Improper Authentication •