Filtered by vendor Fortinet
Subscribe
Total
717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5586 | 1 Fortinet | 1 Fortios | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. | |||||
| CVE-2019-6698 | 1 Fortinet | 4 Fortirecorder 100d, Fortirecorder 200d, Fortirecorder 400d and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | |||||
| CVE-2017-7337 | 1 Fortinet | 1 Fortiportal | 2019-10-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | |||||
| CVE-2017-14189 | 1 Fortinet | 1 Fortiweb Manager | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. | |||||
| CVE-2017-7737 | 1 Fortinet | 1 Fortiweb | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | |||||
| CVE-2018-9194 | 1 Fortinet | 1 Fortios | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. | |||||
| CVE-2018-1360 | 1 Fortinet | 1 Fortimanager | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. | |||||
| CVE-2018-9192 | 1 Fortinet | 1 Fortios | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. | |||||
| CVE-2017-3134 | 1 Fortinet | 1 Fortiwlc-sd | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | |||||
| CVE-2018-13376 | 1 Fortinet | 1 Fortios | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. | |||||
| CVE-2017-7344 | 1 Fortinet | 1 Forticlient | 2019-10-03 | 7.6 HIGH | 8.1 HIGH |
| A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. | |||||
| CVE-2017-14191 | 1 Fortinet | 1 Fortiweb | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. | |||||
| CVE-2017-7341 | 1 Fortinet | 1 Fortiwlc | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. | |||||
| CVE-2018-1354 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | |||||
| CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2019-10-03 | 7.2 HIGH | 6.2 MEDIUM |
| A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | |||||
| CVE-2019-5590 | 1 Fortinet | 1 Fortiweb | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. | |||||
| CVE-2019-5594 | 1 Fortinet | 1 Fortinac | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | |||||
| CVE-2019-13399 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2019-07-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. | |||||
| CVE-2019-13401 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2019-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. | |||||
| CVE-2019-5588 | 1 Fortinet | 1 Fortios | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests. | |||||