← Back

Fortinet

fortinet

1,119 CVEs • 247 products

Products (247)

Click to collapse
Toggle
Fortios
fortios
267 CVEs
Fortiweb
fortiweb
124 CVEs
Fortiproxy
fortiproxy
117 CVEs
Fortimanager
fortimanager
112 CVEs
Fortianalyzer
fortianalyzer
92 CVEs
Forticlient
forticlient
85 CVEs
Fortisandbox
fortisandbox
58 CVEs
Fortimail
fortimail
46 CVEs
Fortiportal
fortiportal
44 CVEs
Fortiadc
fortiadc
43 CVEs
Fortisoar
fortisoar
31 CVEs
Fortinac
fortinac
30 CVEs
Fortisiem
fortisiem
29 CVEs
Fortimanager Cloud
fortimanager_cloud
27 CVEs
Fortipam
fortipam
25 CVEs
Fortivoice
fortivoice
24 CVEs
Fortiauthenticator
fortiauthenticator
23 CVEs
Fortiwlm
fortiwlm
23 CVEs
Fortiswitchmanager
fortiswitchmanager
19 CVEs
Fortinet Antivirus
fortinet_antivirus
18 CVEs
Fortianalyzer Cloud
fortianalyzer_cloud
17 CVEs
Fortiwan
fortiwan
16 CVEs
Fortitester
fortitester
16 CVEs
Fortimanager Firmware
fortimanager_firmware
15 CVEs
Fortiswitch
fortiswitch
14 CVEs
Fortiwlc
fortiwlc
14 CVEs
Fortianalyzer Big Data
fortianalyzer_big_data
13 CVEs
Forticlientems
forticlientems
13 CVEs
Fortianalyzer Firmware
fortianalyzer_firmware
12 CVEs
Fortinac F
fortinac-f
12 CVEs
Fortirecorder
fortirecorder
12 CVEs
Fortideceptor
fortideceptor
11 CVEs
Fortindr
fortindr
11 CVEs
Fortiisolator
fortiisolator
10 CVEs
Fortisase
fortisase
10 CVEs
Fortiap W2
fortiap-w2
9 CVEs
Fortisandbox Cloud
fortisandbox_cloud
8 CVEs
Fortiap
fortiap
7 CVEs
Fortiap U
fortiap-u
7 CVEs
Forticlient Enterprise Management Server
forticlient_enterprise_management_server
7 CVEs
Fortiextender Firmware
fortiextender_firmware
7 CVEs
Fortiedr
fortiedr
7 CVEs
Fortiddos F
fortiddos-f
7 CVEs
Fortiap S
fortiap-s
6 CVEs
Forticlient Endpoint Management Server
forticlient_endpoint_management_server
6 CVEs
Fortiadc Firmware
fortiadc_firmware
5 CVEs
Fcm Mb40 Firmware
fcm-mb40_firmware
5 CVEs
Fortirecorder Firmware
fortirecorder_firmware
5 CVEs
Fortiddos
fortiddos
5 CVEs
Fortiwebmanager
fortiwebmanager
4 CVEs
Fortiaiops
fortiaiops
4 CVEs
Fortisra
fortisra
4 CVEs
Fortidlp Agent
fortidlp_agent
4 CVEs
Fortibalancer 400 Firmware
fortibalancer_400_firmware
3 CVEs
Fortibalancer 1000 Firmware
fortibalancer_1000_firmware
3 CVEs
Fortibalancer 2000 Firmware
fortibalancer_2000_firmware
3 CVEs
Fortibalancer 3000 Firmware
fortibalancer_3000_firmware
3 CVEs
Fortitoken Mobile
fortitoken_mobile
3 CVEs
Fortigate
fortigate
2 CVEs
Fortigate 1000c
fortigate-1000c
2 CVEs
Fortigate 100d
fortigate-100d
2 CVEs
Fortigate 110c
fortigate-110c
2 CVEs
Fortigate 1240b
fortigate-1240b
2 CVEs
Fortigate 200b
fortigate-200b
2 CVEs
Fortigate 20c
fortigate-20c
2 CVEs
Fortigate 300c
fortigate-300c
2 CVEs
Fortigate 3040b
fortigate-3040b
2 CVEs
Fortigate 310b
fortigate-310b
2 CVEs
Fortigate 311b
fortigate-311b
2 CVEs
Fortigate 3140b
fortigate-3140b
2 CVEs
Fortigate 3240c
fortigate-3240c
2 CVEs
Fortigate 3810a
fortigate-3810a
2 CVEs
Fortigate 3950b
fortigate-3950b
2 CVEs
Fortigate 40c
fortigate-40c
2 CVEs
Fortigate 5001a Sw
fortigate-5001a-sw
2 CVEs
Fortigate 5001b
fortigate-5001b
2 CVEs
Fortigate 5020
fortigate-5020
2 CVEs
Fortigate 5060
fortigate-5060
2 CVEs
Fortigate 50b
fortigate-50b
2 CVEs
Fortigate 5101c
fortigate-5101c
2 CVEs
Fortigate 5140b
fortigate-5140b
2 CVEs
Fortigate 600c
fortigate-600c
2 CVEs
Fortigate 60c
fortigate-60c
2 CVEs
Fortigate 620b
fortigate-620b
2 CVEs
Fortigate 800c
fortigate-800c
2 CVEs
Fortigate 80c
fortigate-80c
2 CVEs
Fortigate Voice 80c
fortigate-voice-80c
2 CVEs
Fortigaterugged 100c
fortigaterugged-100c
2 CVEs
Fortiadc 1000e
fortiadc-1000e
2 CVEs
Fortiadc 1500d
fortiadc-1500d
2 CVEs
Fortiadc 2000d
fortiadc-2000d
2 CVEs
Fortiadc 200d
fortiadc-200d
2 CVEs
Fortiadc 300e
fortiadc-300e
2 CVEs
Fortiadc 4000d
fortiadc-4000d
2 CVEs
Fortiadc 400e
fortiadc-400e
2 CVEs
Fortiadc 600e
fortiadc-600e
2 CVEs
Forticlient Sslvpn Client
forticlient_sslvpn_client
2 CVEs
Fortios Ips Engine
fortios_ips_engine
2 CVEs
Fortiadc Manager
fortiadc_manager
2 CVEs
Fortipresence
fortipresence
2 CVEs

CVEs (1,119)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-16156
1Fortinet
1Fortiweb
Nov 21, 2024
Mar 12, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack...Show more
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).Show less
CVE-2019-16155
1Fortinet
1Forticlient
Nov 21, 2024
Feb 7, 2020
N/A· v4
7.1 HIGH· v3
6.6 MEDIUM· v2
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted...Show more
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite.Show less
CVE-2019-17652
1Fortinet
1Forticlient
Nov 21, 2024
Feb 6, 2020
N/A· v4
6.5 MEDIUM· v3
6.8 MEDIUM· v2
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "Start...Show more
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized.Show less
CVE-2019-16152
1Fortinet
1Forticlient
Nov 21, 2024
Feb 6, 2020
N/A· v4
6.5 MEDIUM· v3
6.8 MEDIUM· v2
A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC...Show more
A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated.Show less
CVE-2019-15711
1Fortinet
1Forticlient
Nov 21, 2024
Feb 6, 2020
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client...Show more
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.Show less
CVE-2015-3613
1Fortinet
1Fortimanager
Nov 21, 2024
Feb 4, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page
CVE-2015-3612
1Fortinet
1Fortimanager
Nov 21, 2024
Feb 4, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
CVE-2015-3611
1Fortinet
1Fortimanager
Nov 21, 2024
Feb 4, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.
CVE-2019-17651
1Fortinet
1Fortisiem
Nov 21, 2024
Jan 28, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Store...Show more
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.Show less
CVE-2019-15712
1Fortinet
1Fortimail
Nov 21, 2024
Jan 23, 2020
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for.
CVE-2019-15707
1Fortinet
1Fortimail
Nov 21, 2024
Jan 23, 2020
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.
CVE-2019-5593
1Fortinet
1Fortios
Nov 21, 2024
Jan 23, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption passwo...Show more
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.Show less
CVE-2019-16153
1Fortinet
1Fortisiem
Nov 21, 2024
Jan 23, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.
CVE-2019-6700
1Fortinet
1Fortisiem
Nov 21, 2024
Jan 7, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source co...Show more
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.Show less
CVE-2019-16154
1Fortinet
1Fortiauthenticator
Nov 21, 2024
Jan 7, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page.
CVE-2019-15705
1Fortinet
1Fortios
Nov 21, 2024
Nov 27, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POS...Show more
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request.Show less
CVE-2019-6693
1Fortinet
1Fortios
Oct 24, 2025
Nov 21, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key...Show more
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).Show less
CVE-2019-17650
1Fortinet
1Forticlient
Nov 21, 2024
Nov 21, 2019
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized...Show more
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.Show less
CVE-2019-15704
1Fortinet
1Forticlient
Nov 21, 2024
Nov 21, 2019
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.
CVE-2018-9195
1Fortinet
2Forticlient
Fortios
Nov 21, 2024
Nov 21, 2019
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and...Show more
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.Show less