Fortinet

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-3130 1Fortinet 1Fortios May 13, 2026 Aug 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.
CVE-2017-7336 1Fortinet 1Fortiwlm May 13, 2026 Jul 22, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.
CVE-2016-8493 1Fortinet 1Forticlient May 13, 2026 Jun 26, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.
CVE-2017-3127 1Fortinet 1Fortios May 13, 2026 Jun 1, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
CVE-2017-7731 1Fortinet 1Fortiportal May 13, 2026 May 27, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
CVE-2017-7343 1Fortinet 1Fortiportal May 13, 2026 May 27, 2017 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.
CVE-2017-7339 1Fortinet 1Fortiportal May 13, 2026 May 27, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' funct...Show more A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.Show less
CVE-2017-7338 1Fortinet 1Fortiportal May 13, 2026 May 27, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
CVE-2017-7337 1Fortinet 1Fortiportal May 13, 2026 May 27, 2017 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens...Show more An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.Show less
CVE-2017-3134 1Fortinet 1Fortiwlc Sd May 13, 2026 May 27, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.
CVE-2017-3129 1Fortinet 1Fortiweb May 13, 2026 May 27, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher featur...Show more A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.Show less
CVE-2017-3126 1Fortinet 2Fortianalyzer Firmware Fortimanager Firmware May 13, 2026 May 27, 2017 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
CVE-2017-3128 1Fortinet 1Fortios May 13, 2026 May 23, 2017 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.
CVE-2017-3125 1Fortinet 1Fortimail May 13, 2026 Apr 12, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming th...Show more An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.Show less
CVE-2016-7542 1Fortinet 1Fortios May 13, 2026 Mar 30, 2017 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the applianc...Show more A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.Show less
CVE-2016-7541 1Fortinet 1Fortios May 13, 2026 Mar 30, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versio...Show more Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.Show less
CVE-2016-8495 1Fortinet 1Fortimanager Firmware May 13, 2026 Feb 13, 2017 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fo...Show more An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.Show less
CVE-2016-8494 1Fortinet 1Connect May 13, 2026 Feb 9, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.
CVE-2016-8492 1Fortinet 1Fortios May 13, 2026 Feb 8, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
CVE-2016-8491 1Fortinet 1Fortiwlc May 13, 2026 Feb 1, 2017 N/A· v4 9.1 CRITICAL· v3 9.4 HIGH· v2 The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.

Previous 1...505152...56 Next