Fortinet

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-13379 1Fortinet 2Fortios Fortiproxy Oct 24, 2025 Jun 4, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0....Show more An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.Show less
CVE-2018-9193 1Fortinet 1Forticlient Mar 24, 2025 May 30, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6, the combination of these vulnerabilities can turn into an exploit chain, which allows a user to g...Show more A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6, the combination of these vulnerabilities can turn into an exploit chain, which allows a user to gain system privileges on Microsoft Windows.Show less
CVE-2018-9191 1Fortinet 1Forticlient Nov 21, 2024 May 30, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.
CVE-2018-13368 1Fortinet 1Forticlient Nov 21, 2024 May 30, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
CVE-2018-13365 1Fortinet 1Fortios Nov 21, 2024 May 29, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page.
CVE-2018-13383 1Fortinet 2Fortios Fortiproxy Oct 24, 2025 May 29, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web s...Show more A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.Show less
CVE-2019-5589 1Fortinet 1Forticlient Nov 21, 2024 May 28, 2019 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe res...Show more An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.Show less
CVE-2018-13375 1Fortinet 2Fortianalyzer Fortimanager Nov 21, 2024 May 28, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME param...Show more An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).Show less
CVE-2018-1360 1Fortinet 1Fortimanager Nov 21, 2024 Apr 25, 2019 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin pa...Show more A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.Show less
CVE-2018-13378 1Fortinet 1Fortisiem Nov 21, 2024 Apr 17, 2019 N/A· v4 7.2 HIGH· v3 4.0 MEDIUM· v2 An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.
CVE-2018-1356 1Fortinet 1Fortisandbox Nov 21, 2024 Apr 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.
CVE-2018-13366 1Fortinet 1Fortios Nov 21, 2024 Apr 9, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol.
CVE-2017-17544 1Fortinet 1Fortios Nov 21, 2024 Apr 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.
CVE-2017-7342 1Fortinet 1Fortiportal Nov 21, 2024 Mar 25, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
CVE-2017-7340 1Fortinet 1Fortiportal Nov 21, 2024 Mar 25, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.
CVE-2018-9190 1Fortinet 1Forticlient Nov 21, 2024 Feb 8, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.
CVE-2018-1352 1Fortinet 1Fortios Nov 21, 2024 Feb 8, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
CVE-2018-13374 1Fortinet 2Fortiadc Fortios Oct 24, 2025 Jan 22, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDA...Show more A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.Show less
CVE-2018-13376 1Fortinet 1Fortios Nov 21, 2024 Nov 27, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the H...Show more An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.Show less
CVE-2018-9194 1Fortinet 1Fortios Nov 21, 2024 Sep 5, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0...Show more A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.Show less

Previous 1...474849...56 Next