Fortinet

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6692 1Fortinet 1Forticlient Nov 21, 2024 Oct 24, 2019 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.
CVE-2019-15703 1Fortinet 1Fortios Nov 21, 2024 Oct 24, 2019 N/A· v4 7.5 HIGH· v3 2.6 LOW· v2 An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover...Show more An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.Show less
CVE-2019-5590 1Fortinet 1Fortiweb Nov 21, 2024 Aug 28, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form...Show more The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.Show less
CVE-2019-6695 1Fortinet 1Fortimanager Nov 21, 2024 Aug 23, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.
CVE-2019-5594 1Fortinet 1Fortinac Nov 21, 2024 Aug 23, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack vi...Show more An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.Show less
CVE-2018-13367 1Fortinet 1Fortios Nov 21, 2024 Aug 23, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.
CVE-2019-6698 1Fortinet 1Fortirecorder Firmware Nov 21, 2024 Aug 23, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take cont...Show more Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.Show less
CVE-2019-5592 1Fortinet 1Fortios Ips Engine Nov 21, 2024 Aug 23, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, whe...Show more Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.Show less
CVE-2019-13402 1Fortinet 1Fcm Mb40 Firmware Nov 21, 2024 Jul 8, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system account...Show more /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset.Show less
CVE-2019-13401 1Fortinet 1Fcm Mb40 Firmware Nov 21, 2024 Jul 8, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/.
CVE-2019-13400 1Fortinet 1Fcm Mb40 Firmware Nov 21, 2024 Jul 8, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info.
CVE-2019-13399 1Fortinet 1Fcm Mb40 Firmware Nov 21, 2024 Jul 8, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation.
CVE-2019-13398 1Fortinet 1Fcm Mb40 Firmware Nov 21, 2024 Jul 8, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and...Show more Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi.Show less
CVE-2019-5588 1Fortinet 1Fortios Nov 21, 2024 Jun 4, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error pr...Show more A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.Show less
CVE-2019-5587 1Fortinet 1Fortios Nov 21, 2024 Jun 4, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through...Show more Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods.Show less
CVE-2019-5586 1Fortinet 1Fortios Nov 21, 2024 Jun 4, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parame...Show more A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.Show less
CVE-2018-13384 1Fortinet 1Fortios Nov 21, 2024 Jun 4, 2019 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users t...Show more A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.Show less
CVE-2018-13382 1Fortinet 2Fortios Fortiproxy Oct 24, 2025 Jun 4, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unaut...Show more An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requestsShow less
CVE-2018-13381 1Fortinet 2Fortios Fortiproxy Nov 21, 2024 Jun 4, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated...Show more A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads.Show less
CVE-2018-13380 1Fortinet 2Fortios Fortiproxy Nov 21, 2024 Jun 4, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to exe...Show more A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.Show less

Previous 1...464748...56 Next