Filtered by vendor Fortinet
Subscribe
Total
1059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9191 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.
|
|||||
| CVE-2018-9190 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.
|
|||||
| CVE-2018-9186 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.
|
|||||
| CVE-2018-9185 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
|
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.
|
|||||
| CVE-2018-1360 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
|
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.
|
|||||
| CVE-2018-1356 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.
|
|||||
| CVE-2018-1355 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
|
|||||
| CVE-2018-1354 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
|
|||||
| CVE-2018-1353 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom.
|
|||||
| CVE-2018-1352 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
|
|||||
| CVE-2018-1351 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.
|
|||||
| CVE-2018-13384 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
|
|||||
| CVE-2018-13381 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads.
|
|||||
| CVE-2018-13380 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
|
|||||
| CVE-2018-13378 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
|
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.
|
|||||
| CVE-2018-13376 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
|
|||||
| CVE-2018-13375 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
|
|||||
| CVE-2018-13371 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
|
|||||
| CVE-2018-13368 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
|
|||||
| CVE-2018-13367 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.
|
|||||
| CVE-2018-13366 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol.
|
|||||
| CVE-2018-13365 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page.
|
|||||
| CVE-2017-7342 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
|
|||||
| CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.
|
|||||
| CVE-2017-17544 | 1 Fortinet | 1 Fortios | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.
|
|||||
| CVE-2017-17543 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
|
|||||
| CVE-2017-17541 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
|
|||||
| CVE-2017-17540 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
|
|||||
| CVE-2017-17539 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
|
|||||
| CVE-2017-14191 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.
|
|||||
| CVE-2017-14190 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.
|
|||||
| CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.2 HIGH | 6.2 MEDIUM |
|
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
|
|||||
| CVE-2017-14185 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.
|
|||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page
|
|||||
| CVE-2015-3612 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
|
|||||
| CVE-2015-3611 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.
|
|||||
| CVE-2014-2723 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.
|
|||||
| CVE-2014-2722 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.
|
|||||
| CVE-2014-2721 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.
|
|||||
| CVE-2012-6347 | 1 Fortinet | 1 Fortidb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyP ...
Show More |
|||||