Fortinet

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-15709 1Fortinet 3Fortiap S Fortiap UFortiap W2 Nov 21, 2024 Jun 1, 2020 N/A· v4 6.5 MEDIUM· v3 8.5 HIGH· v2 An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump comm...Show more An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.Show less
CVE-2020-9294 1Fortinet 2Fortimail Fortivoice Nov 21, 2024 Apr 27, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by req...Show more An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.Show less
CVE-2020-9286 1Fortinet 1Fortiadc Firmware Nov 21, 2024 Apr 7, 2020 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
CVE-2020-6647 1Fortinet 1Fortiadc Firmware Nov 21, 2024 Apr 7, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
CVE-2019-17657 1Fortinet 5Fortianalyzer Fortiap SFortiap W2+2 more Nov 21, 2024 Apr 7, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause ad...Show more An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.Show less
CVE-2018-13371 1Fortinet 1Fortios Nov 21, 2024 Apr 2, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
CVE-2014-2723 1Fortinet 4Fortibalancer 1000 Firmware Fortibalancer 2000 FirmwareFortibalancer 3000 Firmware+1 more Nov 21, 2024 Mar 19, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is ca...Show more In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.Show less
CVE-2014-2722 1Fortinet 4Fortibalancer 1000 Firmware Fortibalancer 2000 FirmwareFortibalancer 3000 Firmware+1 more Nov 21, 2024 Mar 19, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is ca...Show more In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.Show less
CVE-2014-2721 1Fortinet 4Fortibalancer 1000 Firmware Fortibalancer 2000 FirmwareFortibalancer 3000 Firmware+1 more Nov 21, 2024 Mar 19, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is ca...Show more In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.Show less
CVE-2020-6646 1Fortinet 1Fortiweb Nov 21, 2024 Mar 17, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.
CVE-2019-6696 1Fortinet 1Fortios Nov 21, 2024 Mar 15, 2020 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin in...Show more An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.Show less
CVE-2019-17654 1Fortinet 1Fortimanager Nov 21, 2024 Mar 15, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
CVE-2019-15708 1Fortinet 4Fortiap Fortiap SFortiap U+1 more Nov 21, 2024 Mar 15, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary...Show more A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.Show less
CVE-2020-9290 1Fortinet 2Forticlient Forticlient Virtual Private Network Nov 21, 2024 Mar 15, 2020 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineI...Show more An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.Show less
CVE-2020-9287 1Fortinet 1Forticlient Emergency Management Server Nov 21, 2024 Mar 15, 2020 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary c...Show more An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.Show less
CVE-2019-6699 1Fortinet 1Fortiadc Nov 21, 2024 Mar 13, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface.
CVE-2019-16157 1Fortinet 1Fortiweb Nov 21, 2024 Mar 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands.
CVE-2019-17653 1Fortinet 1Fortisiem Nov 21, 2024 Mar 12, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by per...Show more A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.Show less
CVE-2020-6643 1Fortinet 1Fortiisolator Nov 21, 2024 Mar 12, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS).
CVE-2019-17658 1Fortinet 1Forticlient Nov 21, 2024 Mar 12, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.

Previous 1...444546...56 Next