CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-45859
https://notcve.org/view.php?id=CVE-2022-45859
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. • https://fortiguard.com/psirt/FG-IR-22-456 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-27993
https://notcve.org/view.php?id=CVE-2023-27993
A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. • https://fortiguard.com/psirt/FG-IR-23-069 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27999
https://notcve.org/view.php?id=CVE-2023-27999
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. • https://fortiguard.com/psirt/FG-IR-22-297 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22640
https://notcve.org/view.php?id=CVE-2023-22640
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. • https://fortiguard.com/psirt/FG-IR-22-475 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35850
https://notcve.org/view.php?id=CVE-2022-35850
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page. • https://fortiguard.com/psirt/FG-IR-22-275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •