CVE-2023-26207
https://notcve.org/view.php?id=CVE-2023-26207
An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text. • https://fortiguard.com/psirt/FG-IR-22-455 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-22639
https://notcve.org/view.php?id=CVE-2023-22639
A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands. • https://fortiguard.com/psirt/FG-IR-22-494 • CWE-787: Out-of-bounds Write •
CVE-2022-43953
https://notcve.org/view.php?id=CVE-2022-43953
A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands. • https://fortiguard.com/psirt/FG-IR-22-463 • CWE-134: Use of Externally-Controlled Format String •
CVE-2022-42474
https://notcve.org/view.php?id=CVE-2022-42474
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-393 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVE-2022-41327
https://notcve.org/view.php?id=CVE-2022-41327
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands. • https://fortiguard.com/psirt/FG-IR-22-380 • CWE-319: Cleartext Transmission of Sensitive Information •