Fortinet is an American multinational corporation headquartered in Sunnyvale, California. The company develops and sells cybersecurity solutions such as physical firewalls, antivirus software, intrusion prevention systems, and endpoint security components. Fortinet has addressed a raft of security vulnerabilities affecting several of its endpoint security products. The following is a list of advisories for issues resolved in Fortinet products.
CVE-2022-26120: FortiADC – Multiple SQL Injection vulnerabilities in the management interface
Multiple improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerabilities in FortiADC
CVE-2022-27483: FortiAnalyzer & FortiManager – OS command injection vulnerability in CLI
An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in FortiManager
CVE-2021-43072: FortiAnalyzer/FortiManager/FortiOS/FortiProxy – stack-based buffer overflow via crafted CLI execute command
A buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in FortiAnalyzer/FortiManager/FortiOS/FortiProxy
CVE-2021-4103: FortiClient (Windows) – Privilege Escalation via directory traversal attack
A relative path traversal vulnerability in FortiClient for Windows may allow a local unprivileged attacker to escalate privileges
CVE-2022-30302: FortiDeceptor – Path traversal vulnerability
Multiple relative path traversal vulnerabilities in FortiDeceptor management interface may allow a remote and authenticated user to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.
CVE-2022-29057: FortiEDR – Cross Site Scripting (XSS) vulnerabilities over the Management Console
An improper neutralization of input during web page generation vulnerability in FortiEDR Central Manager
CVE-2022-26118: FortiManager & FortiAnalyzer – Privilege escalation vulnerability
A privilege chaining vulnerability in FortiManager and FortiAnalyzer may allow a local and authenticated user to attack
CVE-2022-26117: FortiNAC – Unprotected MySQL root account
An empty password in configuration file vulnerability in FortiNAC may allow an authenticated attacker to access the database.
CVE-2021-44170: FortiOS & FortiProxy – Stack-based buffer overflows in diagnostic CLI commands
A stack-based buffer overflow vulnerability in the command line interpreter of FortiOS and FortiProxy may allow code injection.
CVE-2022-23438: FortiOS – XSS vulnerability observed in the authentication replacement pages
An improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability in FortiOS.
CVE-2021-42755: Multiple products – Integer overflow in dhcpd daemon
An integer overflow / wraparound vulnerability in FortiOS, FortiProxy, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise
Cyber Security Specialist with 18+ years of industry experience. Worked on projects with AT&T, Citrix, Google, Conexant, IPolicy Networks (Tech Mahindra) and HFCL. Constantly keeping the world updated on happenings in the Cyber Security area.