CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-43074
https://notcve.org/view.php?id=CVE-2021-43074
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter. • https://fortiguard.com/psirt/FG-IR-21-126 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 27%CPEs: 40EXPL: 3CVE-2022-42475 – Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-42475
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico [CWE-122] en FortiOS SSL-VPN 7.2.0 a 7.2.2, 7.0.0 a 7.0.8, 6.4.0 a 6.4.10, 6.2.0 a 6.2.11, 6.0 .15 y anteriores y FortiProxy SSL-VPN 7.2.0 hasta 7.2.1, 7.0.7 y anteriores pueden permitir que un atacante remoto no autenticado ejecute código o comandos arbitrarios a través de solicitudes específicamente manipuladas. Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests. • https://github.com/0xhaggis/CVE-2022-42475 https://github.com/3yujw7njai/CVE-2022-42475-RCE-POC https://fortiguard.com/psirt/FG-IR-22-398 • CWE-197: Numeric Truncation Error CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-35843
https://notcve.org/view.php?id=CVE-2022-35843
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. Una omisión de autenticación por vulnerabilidad de datos supuestamente inmutables [CWE-302] en el componente de inicio de sesión SSH de FortiOS 7.2.0, 7.0.0 a 7.0.7, 6.4.0 a 6.4.9, 6.2 todas las versiones, 6.0 todas las versiones y FortiProxy SSH El componente de inicio de sesión 7.0.0 a 7.0.5, 2.0.0 a 2.0.10, 1.2.0 todas las versiones puede permitir que un atacante remoto y no autenticado inicie sesión en el dispositivo mediante el envío de una respuesta Access-Challenge especialmente manipulada desde el servidor Radius. • https://fortiguard.com/psirt/FG-IR-22-255 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 8.6EPSS: 0%CPEs: 24EXPL: 0CVE-2022-26122
https://notcve.org/view.php?id=CVE-2022-26122
An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64. Una verificación insuficiente de la vulnerabilidad de autenticidad de datos [CWE-345] en los motores FortiClient, FortiMail y FortiOS AV versión 6.2.168 e inferiores y la versión 6.4.274 e inferiores puede permitir a un atacante eludir el motor AV mediante la manipulación del archivo adjunto MIME con basura y pad. caracteres en base64. • https://fortiguard.com/psirt/FG-IR-22-074 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-44171
https://notcve.org/view.php?id=CVE-2021-44171
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. Una neutralización inapropiada de los elementos especiales usados en un comando os ("inyección de comando de os") en Fortinet FortiOS versión 6.0.0 hasta 6.0.14, FortiOS versión 6.2.0 hasta 6.2.10, FortiOS versión 6.4.0 hasta 6.4.8, FortiOS versión 7.0.0 hasta 7.0.3, permite a un atacante ejecutar comandos privilegiados en un FortiSwitch vinculado por medio de comandos CLI de diagnóstico • https://fortiguard.com/psirt/FG-IR-21-242 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •