Fortinet Fortiddos

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Fortinet Fortiddos.

By the Year

In 2026 there have been 0 vulnerabilities in Fortinet Fortiddos. Last year, in 2025 Fortiddos had 2 security vulnerabilities published. Right now, Fortiddos is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	2	4.10
2024	1	7.80
2023	1	7.80
2022	2	7.20
2021	1	6.30

It may take a day or so for new Fortiddos vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Fortiddos Security Vulnerabilities

Fortinet FortiDDoS CVE-2021-24008: Sensitive Info Exposure via JS File <5.4.0
CVE-2021-24008 - March 28, 2025

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.

Information Disclosure

Fortinet FortiManager/<others> <=7.4.3 Cache Poison via External Host Header
CVE-2022-23439 4.1 - Medium - January 22, 2025

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver

Externally Controlled Reference to a Resource in Another Sphere

FortiDDoS OS Command Injection 5.5.05.5.1 & 6.3.06.3.1
CVE-2022-27486 7.8 - High - August 13, 2024

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands.

Shell injection

FortiADC OS Command Injection via Unsanitized Args (CVE-2022-40679)
CVE-2022-40679 7.8 - High - April 11, 2023

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Shell injection

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may
CVE-2022-29060 8.1 - High - July 19, 2022

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.

Use of Hard-coded Credentials

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may
CVE-2021-36193 6.3 - Medium - February 02, 2022

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

Stack Overflow

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may
CVE-2021-42757 6.3 - Medium - December 08, 2021

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

Classic Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fortinet Fortiddos or by Fortinet? Click the Watch button to subscribe.

Fortinet
Vendor

Fortinet Fortiddos
Product

Fortinet Fortiddos

Don't miss out!

By the Year

Recent Fortinet Fortiddos Security Vulnerabilities

Fortinet FortiDDoS CVE-2021-24008: Sensitive Info Exposure via JS File <5.4.0 CVE-2021-24008 - March 28, 2025

Fortinet FortiManager/<others> <=7.4.3 Cache Poison via External Host Header CVE-2022-23439 4.1 - Medium - January 22, 2025

FortiDDoS OS Command Injection 5.5.05.5.1 & 6.3.06.3.1 CVE-2022-27486 7.8 - High - August 13, 2024

FortiADC OS Command Injection via Unsanitized Args (CVE-2022-40679) CVE-2022-40679 7.8 - High - April 11, 2023

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may CVE-2022-29060 8.1 - High - July 19, 2022

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may CVE-2021-36193 6.3 - Medium - February 02, 2022

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may CVE-2021-42757 6.3 - Medium - December 08, 2021