Fortinet Latest Vulnerabilities

September 11

Brute Force Attack Through Change Password Endpoint

FortinetFortisoar7.1HIGH

September 10

Improper Certificate Validation Vulnerability May Allow Unauthenticated MITM Attack on SAML SSO Feature

FortinetForticlientiOS4.6MEDIUM

FortiClientEMS Vulnerability Allows Path Traversal and Denial of Service

FortinetForticlientems5.5MEDIUM

FortiClient Zero-Day Vulnerability Allows Remote Man-in-the-Middle Attacks

FortinetForticlientmac6.4MEDIUM

Potential vulnerbility in FortiADC WAF could allow unauthorized access to encrypted and signed cookies

FortinetFortiadc3.4LOW

Vulnerability in Cleartext Storage of Sensitive Information Could Lead to Password Theft

FortinetForticlientiOS4MEDIUM

UnAuthenticated Command Injection Vulnerability in FortiClientEMS

FortinetForticlientems6.9MEDIUM

Remote Sensitive Data Read with Low Privileges

FortinetFortianalyzer4.7MEDIUM

FortiSandbox vulnerability exposes sensitive information to unauthorized actors via HTTP get requests

FortinetFortisandbox4.2MEDIUM

Admin Access to Backend Logs of Other Organizations via REST API

FortinetFortiedr Manager4.6MEDIUM

August 13

FortiManager Password Modification Vulnerability

FortinetFortimanager7.8HIGH

Fortinet's FortiDDoS Vulnerable to Command Injection Attacks

FortinetFortiddos7.8HIGH

Insufficient Session Expiration Vulnerability Affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager

FortinetFortipam8.8HIGH

Improper Access Control Vulnerability May Allow Bypass of File Integrity Checking System

FortinetFortiOS5.5MEDIUM

Arbitrary Web Script or HTML Injection in FortiSOAR 7.3.0-7.3.2

FortinetFortisoar9CRITICAL

July 9

FortinetFortiadc7.2HIGH

FortinetFortiweb4.8MEDIUM

FortinetFortiaiops8.8HIGH

FortinetFortiproxy4.7MEDIUM

FortinetFortiaiops6.5MEDIUM

FortinetFortiadc5.9MEDIUM

Improper Access Control in FortiExtender Could Lead to Elevated Privileges

FortinetFortiextender Firmware8.8HIGH

FortinetFortiaiops6.5MEDIUM

FortinetFortiportal4.3MEDIUM

FortinetFortiadc6.5MEDIUM

FortinetFortiaiops9.8CRITICAL

June 11

FortinetFortipam6.7MEDIUM

FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups

FortinetFortiproxy1.7LOW

Unauthorized Code Execution via SQL Injection in FortiSOAR

FortinetFortisoar5.9MEDIUM

Buffer Overflow Vulnerability in FortiOS Could Allow Execution of Unauthorized Code or Commands

FortinetFortiOS7.8HIGH

FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups

FortinetFortiOS4.8MEDIUM

Buffer Overflow Vulnerability in FortiOS Could Lead to Unauthorized Code Execution

FortinetFortiOS7.8HIGH

Fortinet FortiPortal SQL Injection Vulnerability Allows Unauthorized Information Access

FortinetFortiportal3.9LOW

June 5

Unauthorized Code Execution Vulnerability in FortiWebManager

FortinetFortiwebmanager8.8HIGH

June 3

Unauthorized ADOM Operations via Crafted Requests

FortinetFortiweb5.6MEDIUM

Fortinet FortiAuthenticator Open Redirect Vulnerability

FortinetFortiauthenticator5.8MEDIUM

Unauthorized Code Execution Vulnerability in FortiWebManager

FortinetFortiwebmanager7.6HIGH

Unauthorized Code Execution Vulnerability in FortiWebManager

FortinetFortiwebmanager8.6HIGH

Unauthorized Code Execution Vulnerability in FortiWebManager

FortinetFortiwebmanager7.6HIGH

FortiPortal Vulnerability Allows Improper Access Control via Crafted HTTP Requests

FortinetFortiportal4.1MEDIUM

Plain-text Connector Passwords Vulnerability

FortinetFortisoar6MEDIUM

Unauthorized Access to Sensitive Information in FortiWeb Products

FortinetFortiweb5.2MEDIUM

May 14

FortinetFortiproxy6.7MEDIUM

FortinetFortiproxy7.2HIGH

FortinetFortiportal7.5HIGH

FortinetFortiadc5.2MEDIUM

FortinetFortiOS7.2HIGH

FortinetFortiOS7.2HIGH

FortinetFortivoice7.1HIGH

FortinetFortiproxy4.7MEDIUM

FortinetFortiOS5MEDIUM

FortinetFortinac6.1MEDIUM

FortinetFortisandbox8.6HIGH

April 10

Arbitrary Code Execution Vulnerability in FortiClientMac Installer

FortinetForticlientmac7.8HIGH

April 9

FortiSandbox Command Injection Vulnerability

FortinetFortisandbox8.6HIGH

Arbitrary Code Execution Vulnerability in FortiOS Command Line Interface

FortinetFortiOS6.1MEDIUM

FortiManager Template Engine Vulnerability Allows Unauthorized Code Execution

FortinetFortimanager6.3MEDIUM

FortiSandbox Command Injection Vulnerability

FortinetFortisandbox8.6HIGH

FortiSandbox Command Injection Vulnerability

FortinetFortisandbox6.5MEDIUM

FortiSandbox Path Traversal Vulnerability Could Lead to Information Disclosure

FortinetFortisandbox5.8MEDIUM

Unauthorized Code Execution via Targeted Social Engineering Attack

FortinetFortiOS7.5HIGH

FortiSandbox Path Traversal Vulnerability Allows Unauthorized Code Execution

FortinetFortisandbox7.9HIGH

FortinetFortisandbox6.5MEDIUM

FortiClientLinux Code Injection Vulnerability Allows Unauthorized Code Execution

FortinetForticlientlinux9.4CRITICAL

Fortinet FortiOS Information Disclosure Vulnerability

FortinetFortiOS5MEDIUM

March 12

Unauthorized Code Execution Vulnerability in FortiClientEMS

FortinetForticlientems8.7HIGH

Improper Authentication Vulnerability in FortiOS Could Allow Read-Write Access via Successive Login Attempts

FortinetFortiOS6.7MEDIUM

FortiClientEMS SQL Injection Vulnerability Allows Unauthorized Code Execution

FortinetForticlientems🔥😄👾9.3CRITICAL

Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution via HTTP Requests

FortinetFortiOS👾9.3CRITICAL

Authorization Bypass through User-Controlled Key Vulnerability

FortinetFortios4.3MEDIUM

Buffer Overflow Vulnerability in FortiOS Could Allow Execution of Unauthorized Code

FortinetFortiOS7.7HIGH

Improper Authorization Vulnerability in FortiPortal Could Allow Download of Other Organizations' Reports

FortinetFortiportal3.9LOW

FortiManager Vulnerability Allows Privileged Attacker to Execute Unauthorized Code

FortinetFortimanager6.3MEDIUM

Unauthorized Code Execution Vulnerability in FortiManager

FortinetFortimanager7.7HIGH

February 22

Fortinet FortiOS Vulnerability Allows Denial of Service via Specially Crafted HTTP Requests

FortinetFortiOS7.3HIGH

Fortinet FortiOS Vulnerability Allows Denial of Service via Specially Crafted HTTP Requests

FortinetFortiproxy6.4MEDIUM

FortinetFortipam8.3HIGH

February 20

Fortinet FortiManager Path Traversal Vulnerability Allows Unauthorized Code Execution

FortinetFortiManager8.6HIGH

February 15

Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution

FortinetFortiSwitchManager👾9.8CRITICAL

Fortinet FortiOS Vulnerability Allows Remote Man-in-the-Middle Attack

FortinetFortiOS4.8MEDIUM

FortiManager Vulnerability Allows Adom Administrator to Enumerate Other Adoms and Device Names

FortinetFortimanager4.7MEDIUM

Improper Privilege Management Vulnerability Affects FortiClientEMS

FortinetFortiClientEMS7.2HIGH

Fortinet FortiNAC Cross-Site Scripting Vulnerability

FortinetFortiNAC6.1MEDIUM

February 9

Fortinet FortiOS Vulnerabilities Allow Unauthorized Code Execution

FortinetFortiProxy🔥😄👾9.8CRITICAL

February 5

Fortinet FortiSIEM Vulnerability Allows Attackers to Execute Unauthorized Code or Commands via API Requests

FortinetFortisiem👾9.7CRITICAL

Fortinet FortiSIEM Vulnerability Allows Attackers to Execute Unauthorized Code or Commands via API Requests

FortinetFortiSIEM9.8CRITICAL

January 10

FortinetFortiPortal5.4MEDIUM

FortinetFortiPortal8.8HIGH

FortinetFortiOS8.8HIGH

FortinetFortiPAM6.5MEDIUM

FortinetFortiVoice6.5MEDIUM

December 13

FortinetFortiWAN8.6HIGH

FortinetFortiWAN8.1HIGH

FortinetFortiOS2.8LOW

FortinetFortiOS7HIGH

FortinetFortiWeb4.9MEDIUM

FortinetFortivoice7.5HIGH

FortinetFortisandbox3.4LOW

FortinetFortiSandbox3.4LOW

FortinetFortiPortal7.9HIGH