Product
fortinet fortiproxy
117 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-61624
>= 7.0.0 and < 7.4.12
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0
6.0
MEDIUM
CVE-2026-24858
>= 7.0.0 and <= 7.0.22
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0
9.8
CRITICAL
CVE-2025-59718
>= 7.0.0 and < 7.0.22
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.
9.8
CRITICAL
CVE-2024-47570
>= 7.2.0 and < 7.2.12
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7
6.6
MEDIUM
CVE-2025-54821
>= 7.0.0 and < 7.6.4
An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all ve
1.9
LOW
CVE-2025-57740
>= 7.0.0 and < 7.4.4
A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10
7.5
HIGH
CVE-2025-54822
>= 2.0.0 and < 7.4.9
An improper authorization vulnerability [CWE-285] in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2
4.3
MEDIUM
CVE-2025-47890
>= 7.0.0 and < 7.6.4
A URL Redirection to Untrusted Site vulnerability [CWE-601] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.
2.6
LOW
CVE-2025-31514
>= 7.0.0 and < 7.6.4
An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2
2.7
LOW
CVE-2025-31366
>= 7.0.0 and < 7.6.4
An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in Fortinet FortiOS 7.6.0 thro
4.7
MEDIUM
CVE-2025-25255
>= 7.0.1 and < 7.6.4
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in Fortinet FortiOS 7.6.0 through 7.6.
5.3
MEDIUM
CVE-2025-25253
>= 7.0.0 and < 7.4.9
An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.
7.5
HIGH
CVE-2025-22258
>= 7.4.0 and < 7.4.8
A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1
6.5
MEDIUM
CVE-2024-50571
>= 1.0.0 and < 7.0.20
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, Forti
7.2
HIGH
CVE-2024-47569
>= 1.0.0 and < 7.2.11
An insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 throu
4.3
MEDIUM
CVE-2024-26008
>= 1.2.0 and < 7.2.10
An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before
5.3
MEDIUM
CVE-2023-46718
>= 7.0.0 and < 7.4.8
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and
6.7
MEDIUM
CVE-2025-22862
>= 7.0.5 and < 7.4.9
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through
6.7
MEDIUM
CVE-2025-25248
>= 2.0.0 and < 7.4.4
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.
5.3
MEDIUM
CVE-2024-26009
>= 7.0.0 and < 7.0.16
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, Fort
8.1
HIGH
CVE-2023-45584
>= 7.0.0 and < 7.0.14
A double free vulnerability [CWE-415] in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through
6.6
MEDIUM
CVE-2024-55599
>= 7.0.0 and < 7.4.9
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7
5.3
MEDIUM
CVE-2024-52965
>= 7.0.0 and < 7.0.21
A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7
7.2
HIGH
CVE-2025-22254
>= 7.4.0 and < 7.4.8
An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 thro
6.6
MEDIUM
CVE-2024-50568
>= 7.0.0 and < 7.0.17
A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7
5.9
MEDIUM
CVE-2023-29184
>= 1.1.0 and < 7.0.9
An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and
3.2
LOW
CVE-2025-22252
all versions
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2
9.8
CRITICAL
CVE-2024-50565
>= 2.0.0 and < 7.0.16
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 th
3.1
LOW
CVE-2024-26013
>= 2.0.0 and < 7.0.16
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 th
7.5
HIGH
CVE-2023-37930
>= 7.0.0 and < 7.0.13
Multiple issues including the use of uninitialized resources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerab
7.5
HIGH
CVE-2023-25610
>= 1.1.0 and < 7.0.9
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7
9.8
CRITICAL
CVE-2019-15706
>= 1.2.0 and <= 1.2.9
An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 an
4.1
MEDIUM
CVE-2024-26006
>= 7.0.0 and < 7.0.17
An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version
7.5
HIGH
CVE-2024-45324
>= 7.0.0 and < 7.0.20
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through
7.2
HIGH
CVE-2025-24472
>= 7.0.0 and < 7.0.20
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and Fo
8.1
HIGH
CVE-2023-40721
>= 1.2.0 and < 7.0.15
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet allows a privileged attacker to ex
6.7
MEDIUM
CVE-2022-23439
>= 2.0.0 and < 7.0.5
An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches
4.7
MEDIUM
CVE-2024-55591
>= 7.0.0 and < 7.0.20
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.1
9.8
CRITICAL
CVE-2024-54021
>= 7.2.0 and < 7.2.12
An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet Forti
6.5
MEDIUM
CVE-2024-48886
>= 2.0.0 and < 2.0.15
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6
9.0
CRITICAL
CVE-2024-48884
>= 1.0.0 and < 7.0.19
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 thro
7.5
HIGH
CVE-2024-33510
>= 7.0.0 and < 7.0.17
An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in F
4.3
MEDIUM
CVE-2024-26011
>= 1.0.0 and < 7.0.17
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 th
5.3
MEDIUM
CVE-2022-45862
>= 7.0.0 and < 7.4.0
An insufficient session expiration vulnerability [CWE-613] in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all ver
3.7
LOW
CVE-2024-26015
>= 7.0.0 and <= 7.4.3
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2
3.4
LOW
CVE-2024-26010
>= 1.0.0 and < 7.0.17
A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthent
7.5
HIGH
CVE-2024-23111
>= 7.0.0 and < 7.0.15
An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version
6.8
MEDIUM
CVE-2024-21754
>= 2.0.0 and <= 2.0.14
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7
1.8
LOW
CVE-2023-45586
>= 2.0.0 and <= 2.0.12
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 th
5.0
MEDIUM
CVE-2023-45583
< 7.0.12
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 thro
6.7
MEDIUM
CVE-2023-36640
>= 1.0.0 and <= 1.0.7
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 thro
6.7
MEDIUM
CVE-2023-41677
>= 1.0.0 and < 7.0.14
An insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.
7.5
HIGH
CVE-2024-23112
>= 7.0.0 and <= 7.0.14
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through
8.0
HIGH
CVE-2023-42790
>= 2.0.0 and <= 2.0.13
A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.
8.1
HIGH
CVE-2023-42789
>= 2.0.0 and <= 2.0.13
An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.
9.8
CRITICAL
CVE-2023-29181
>= 1.0.0 and < 2.0.13
A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12,
8.8
HIGH
CVE-2023-29180
>= 1.0.0 and <= 1.0.7
A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 thro
7.5
HIGH
CVE-2023-29179
>= 7.0.0 and < 7.0.11
A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy
6.5
MEDIUM
CVE-2024-23113
>= 7.0.0 and <= 7.0.14
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through
9.8
CRITICAL
CVE-2024-21762
>= 1.0.0 and < 2.0.14
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6
9.8
CRITICAL
CVE-2023-44250
all versions
An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 an
8.8
HIGH
CVE-2023-47536
>= 2.0.0 and <= 2.0.12
An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below an
3.1
LOW
CVE-2023-36639
>= 7.0.0 and <= 7.0.10
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS ve
7.2
HIGH
CVE-2023-36641
>= 1.0.0 and <= 1.0.7
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy
6.5
MEDIUM
CVE-2023-28002
>= 2.0.0 and <= 2.0.13
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4
6.4
MEDIUM
CVE-2023-41675
>= 7.0.0 and <= 7.0.8
A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy ve
5.3
MEDIUM
CVE-2023-29183
>= 7.0.0 and < 7.0.11
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0
8.0
HIGH
CVE-2023-33308
>= 7.0.0 and <= 7.0.9
A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiP
9.8
CRITICAL
CVE-2021-43072
>= 1.0.0 and < 2.0.9
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, versio
6.7
MEDIUM
CVE-2023-33307
>= 7.0.0 and <= 7.0.9
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows att
6.5
MEDIUM
CVE-2023-33306
>= 7.0.0 and < 7.0.10
A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before
6.5
MEDIUM
CVE-2023-33305
>= 1.0.0 and <= 1.0.7
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 th
4.9
MEDIUM
CVE-2023-29178
>= 1.1.0 and <= 1.1.6
An access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and
4.3
MEDIUM
CVE-2023-29175
>= 1.2.0 and <= 1.2.13
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.
4.8
MEDIUM
CVE-2023-27997
>= 1.1.0 and <= 1.1.6
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12
9.8
CRITICAL
CVE-2023-26207
>= 7.0.0 and <= 7.0.10
An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 thr
3.3
LOW
CVE-2023-22639
>= 1.0.0 and <= 1.0.7
An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0
6.7
MEDIUM
CVE-2022-43953
>= 7.0.0 and <= 7.0.7
A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS al
6.7
MEDIUM
CVE-2022-42474
>= 1.0.0 and <= 1.0.7
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and
6.5
MEDIUM
CVE-2022-41327
>= 7.0.0 and <= 7.0.7
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 t
7.8
HIGH
CVE-2023-22640
all versions
An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0
7.5
HIGH
CVE-2023-22641
>= 1.0.0 and <= 2.0.12
A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 throu
4.1
MEDIUM
CVE-2022-43947
>= 1.0.0 and <= 2.0.9
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.
5.0
MEDIUM
CVE-2022-41331
>= 1.0.0 and < 2.0.0
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1
9.8
CRITICAL
CVE-2022-41330
>= 7.0.0 and < 7.0.8
An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS
8.8
HIGH
CVE-2022-45861
>= 1.2.0 and <= 1.2.13
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3,
6.5
MEDIUM
CVE-2022-42476
>= 1.1.0 and <= 1.1.6
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6
8.2
HIGH
CVE-2022-41329
>= 7.0.0 and <= 7.0.8
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through
5.3
MEDIUM
CVE-2022-42472
>= 1.1.0 and <= 1.1.6
An improper neutralization of CRLF sequences in HTTP headers ('HTTP response splitting') in Fortinet FortiOS versions 7.2.0 through
4.2
MEDIUM
CVE-2022-41335
>= 1.1.0 and <= 1.1.6
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before
8.8
HIGH
CVE-2022-39948
>= 1.2.0 and <= 2.0.9
An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions,
4.8
MEDIUM
CVE-2022-38378
>= 1.1.0 and <= 2.0.9
An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version
4.2
MEDIUM
CVE-2022-29054
>= 1.1.0 and <= 1.1.6
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS ver
3.3
LOW
CVE-2021-43074
>= 1.0.0 and < 2.0.8
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 al
4.3
MEDIUM
CVE-2022-42475
>= 1.0.0 and <= 1.0.7
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6
9.8
CRITICAL
CVE-2022-35843
>= 1.2.0 and <= 1.2.13
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 throug
8.1
HIGH
CVE-2022-29055
>= 1.2.6 and < 1.2.13
An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.1
7.5
HIGH
CVE-2022-40684
>= 7.0.0 and < 7.0.7
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 th
9.8
CRITICAL
CVE-2022-22299
>= 1.0.0 and <= 1.0.7
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version
7.8
HIGH
CVE-2021-44170
>= 1.0.0 and <= 1.0.7
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy befor
6.7
MEDIUM
CVE-2021-42755
>= 1.0.0 and <= 1.0.7
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecor
4.3
MEDIUM
CVE-2021-43081
>= 2.0.0 and < 2.0.8
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 an
6.1
MEDIUM
CVE-2021-43206
>= 2.0.0 and < 2.0.9
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.
4.3
MEDIUM
CVE-2021-26092
>= 1.2.0 and <= 1.2.9
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14,
4.7
MEDIUM
CVE-2021-41024
all versions
A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an una
7.5
HIGH
CVE-2021-26103
>= 1.2.0 and <= 1.2.11
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy version 2.0.3 and be
6.3
MEDIUM
CVE-2021-42757
>= 1.0.0 and <= 2.0.7
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authe
6.7
MEDIUM
CVE-2021-26110
>= 1.0.0 and <= 1.0.7
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and bel
7.8
HIGH
CVE-2021-22130
>= 1.0.0 and <= 1.0.7
A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1
6.7
MEDIUM
CVE-2019-17656
>= 1.0.0 and < 1.2.10
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x,
5.4
MEDIUM
CVE-2021-22128
<= 1.2.9
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated,
7.1
HIGH
CVE-2020-6648
< 1.2.10
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and For
5.3
MEDIUM
CVE-2018-13382
< 1.2.9
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.
9.1
CRITICAL
CVE-2018-13381
<= 1.2.8
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiPr
5.3
MEDIUM
CVE-2018-13380
<= 1.2.8
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and
4.7
MEDIUM
CVE-2018-13379
< 1.2.9
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6
9.1
CRITICAL
CVE-2018-13383
< 1.2.9
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and
4.3
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin