Skip to main content

Fortiedr

6 CVEs product

Monthly

CVE-2023-44248 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33303 HIGH PATCH This Week

A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Fortinet Authentication Bypass Fortiedr
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-39949 MEDIUM This Month

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-23440 HIGH PATCH This Week

A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23446 MEDIUM PATCH This Month

A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Fortinet Information Disclosure Fortiedr
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-23441 CRITICAL PATCH Act Now

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
9.1
EPSS
0.9%
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortiedr
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Fortinet Authentication Bypass Fortiedr
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortiedr
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Fortiedr
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Fortinet Information Disclosure Fortiedr
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Fortiedr
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy