Skip to main content

Fortideceptor

7 CVEs product

Monthly

CVE-2026-25689 MEDIUM This Month

Fortinet FortiDeceptor versions 4.0 through 6.2.0 are vulnerable to argument injection that allows authenticated super-admin users with CLI access to delete sensitive files through crafted HTTP requests. The vulnerability requires high-level privileges and direct CLI access to exploit, limiting the attack surface to trusted administrators. No patch is currently available for this issue.

Fortinet Information Disclosure Fortideceptor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-35280 MEDIUM This Month

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortideceptor
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-45326 MEDIUM Monitor

An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortideceptor
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-26209 MEDIUM This Month

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortideceptor
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2022-30305 HIGH PATCH This Week

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fortideceptor Fortisandbox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-38373 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortideceptor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-6644 HIGH This Week

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortideceptor
NVD
CVSS 3.1
8.1
EPSS
1.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Fortinet FortiDeceptor versions 4.0 through 6.2.0 are vulnerable to argument injection that allows authenticated super-admin users with CLI access to delete sensitive files through crafted HTTP requests. The vulnerability requires high-level privileges and direct CLI access to exploit, limiting the attack surface to trusted administrators. No patch is currently available for this issue.

Fortinet Information Disclosure Fortideceptor
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortideceptor
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortideceptor
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortideceptor
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fortideceptor Fortisandbox
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortideceptor
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortideceptor
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy