CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-44171
https://notcve.org/view.php?id=CVE-2021-44171
10 Oct 2022 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. Una neutralización inapropiada de los elementos especiales usados en un comando os ("inyección de comando de os") en Fortinet FortiOS versión 6.0.0 hasta 6.0.... • https://fortiguard.com/psirt/FG-IR-21-242 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-29053
https://notcve.org/view.php?id=CVE-2022-29053
06 Sep 2022 — A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. Una vulnerabilidad de pasos criptográficos faltantes [CWE-325] en las funciones que cifran los archivos keytab en FortiOS versiones 7.2.0, 7.0.0 hasta 7.0.5 y anteriores a 7.0.0, puede permitir a un atacante en posesión del archivo cifrado descifrarlo. • https://fortiguard.com/psirt/FG-IR-22-158 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-27491
https://notcve.org/view.php?id=CVE-2022-27491
06 Sep 2022 — A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. Una verificación inapropiada de la fuente de un canal de comunicación en Fortinet FortiOS con motor IPS versiones 7.201 hasta 7.2... • https://fortiguard.com/psirt/FG-IR-22-073 •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-22299
https://notcve.org/view.php?id=CVE-2022-22299
05 Aug 2022 — A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS v... • https://fortiguard.com/psirt/FG-IR-21-235 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23438
https://notcve.org/view.php?id=CVE-2022-23438
18 Jul 2022 — An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. Una neutralización inapropiada de la entrada durante la generación de la página web ("Cross-site Scripting") [CWE-79] vulnerabilidad en FortiOS versión 7.0.5 y anteriores y 6.4.9 y anterior... • https://fortiguard.com/psirt/FG-IR-21-057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 130EXPL: 0CVE-2021-42755
https://notcve.org/view.php?id=CVE-2021-42755
18 Jul 2022 — An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service. Una vulnerabilidad de de... • https://fortiguard.com/psirt/FG-IR-21-155 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2021-44170
https://notcve.org/view.php?id=CVE-2021-44170
18 Jul 2022 — A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria [CWE-121] en el intérprete de línea de comandos de FortiOS versiones anteriores a 7.0.4 y FortiProxy versiones anteriores a 2.0.8, puede permitir a un atacante autenticado ... • https://fortiguard.com/psirt/FG-IR-21-179 • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22306
https://notcve.org/view.php?id=CVE-2022-22306
24 May 2022 — An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. Una vulnerabilidad de comprobación de certificados inapropiada [CWE-295] en FortiOS versiones 6.0.0 hasta 6.0.14, 6.2.0 hasta 6.2.10, 6.4.0 hasta 6.4.8, 7.0.0 puede permitir a un atacant... • https://fortiguard.com/psirt/FG-IR-21-239 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43081
https://notcve.org/view.php?id=CVE-2021-43081
11 May 2022 — An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. Una vulnerabilidad de neutralización inapropiada de la entrada durante la generación de la página web [CWE-79] en FortiOS versión 7.0.3 y anteriores, 6.4.8 y ant... • https://fortiguard.com/psirt/FG-IR-21-230 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43206
https://notcve.org/view.php?id=CVE-2021-43206
04 May 2022 — A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. Un mensaje de error generado por el servidor que contiene información confidencial en Fortinet FortiOS 7.0.0 a 7.0.3, 6.4.0 a 6.4.8, 6.2.x, 6.0.x y FortiProxy 7.0.0 a 7.0... • https://fortiguard.com/psirt/FG-IR-21-231 • CWE-209: Generation of Error Message Containing Sensitive Information •