← Back

Fortinet

fortinet

1,119 CVEs • 247 products

Products (247)

Click to collapse
Toggle
Fortios
fortios
267 CVEs
Fortiweb
fortiweb
124 CVEs
Fortiproxy
fortiproxy
117 CVEs
Fortimanager
fortimanager
112 CVEs
Fortianalyzer
fortianalyzer
92 CVEs
Forticlient
forticlient
85 CVEs
Fortisandbox
fortisandbox
58 CVEs
Fortimail
fortimail
46 CVEs
Fortiportal
fortiportal
44 CVEs
Fortiadc
fortiadc
43 CVEs
Fortisoar
fortisoar
31 CVEs
Fortinac
fortinac
30 CVEs
Fortisiem
fortisiem
29 CVEs
Fortimanager Cloud
fortimanager_cloud
27 CVEs
Fortipam
fortipam
25 CVEs
Fortivoice
fortivoice
24 CVEs
Fortiauthenticator
fortiauthenticator
23 CVEs
Fortiwlm
fortiwlm
23 CVEs
Fortiswitchmanager
fortiswitchmanager
19 CVEs
Fortinet Antivirus
fortinet_antivirus
18 CVEs
Fortianalyzer Cloud
fortianalyzer_cloud
17 CVEs
Fortiwan
fortiwan
16 CVEs
Fortitester
fortitester
16 CVEs
Fortimanager Firmware
fortimanager_firmware
15 CVEs
Fortiswitch
fortiswitch
14 CVEs
Fortiwlc
fortiwlc
14 CVEs
Fortianalyzer Big Data
fortianalyzer_big_data
13 CVEs
Forticlientems
forticlientems
13 CVEs
Fortianalyzer Firmware
fortianalyzer_firmware
12 CVEs
Fortinac F
fortinac-f
12 CVEs
Fortirecorder
fortirecorder
12 CVEs
Fortideceptor
fortideceptor
11 CVEs
Fortindr
fortindr
11 CVEs
Fortiisolator
fortiisolator
10 CVEs
Fortisase
fortisase
10 CVEs
Fortiap W2
fortiap-w2
9 CVEs
Fortisandbox Cloud
fortisandbox_cloud
8 CVEs
Fortiap
fortiap
7 CVEs
Fortiap U
fortiap-u
7 CVEs
Forticlient Enterprise Management Server
forticlient_enterprise_management_server
7 CVEs
Fortiextender Firmware
fortiextender_firmware
7 CVEs
Fortiedr
fortiedr
7 CVEs
Fortiddos F
fortiddos-f
7 CVEs
Fortiap S
fortiap-s
6 CVEs
Forticlient Endpoint Management Server
forticlient_endpoint_management_server
6 CVEs
Fortiadc Firmware
fortiadc_firmware
5 CVEs
Fcm Mb40 Firmware
fcm-mb40_firmware
5 CVEs
Fortirecorder Firmware
fortirecorder_firmware
5 CVEs
Fortiddos
fortiddos
5 CVEs
Fortiwebmanager
fortiwebmanager
4 CVEs
Fortiaiops
fortiaiops
4 CVEs
Fortisra
fortisra
4 CVEs
Fortidlp Agent
fortidlp_agent
4 CVEs
Fortibalancer 400 Firmware
fortibalancer_400_firmware
3 CVEs
Fortibalancer 1000 Firmware
fortibalancer_1000_firmware
3 CVEs
Fortibalancer 2000 Firmware
fortibalancer_2000_firmware
3 CVEs
Fortibalancer 3000 Firmware
fortibalancer_3000_firmware
3 CVEs
Fortitoken Mobile
fortitoken_mobile
3 CVEs
Fortigate
fortigate
2 CVEs
Fortigate 1000c
fortigate-1000c
2 CVEs
Fortigate 100d
fortigate-100d
2 CVEs
Fortigate 110c
fortigate-110c
2 CVEs
Fortigate 1240b
fortigate-1240b
2 CVEs
Fortigate 200b
fortigate-200b
2 CVEs
Fortigate 20c
fortigate-20c
2 CVEs
Fortigate 300c
fortigate-300c
2 CVEs
Fortigate 3040b
fortigate-3040b
2 CVEs
Fortigate 310b
fortigate-310b
2 CVEs
Fortigate 311b
fortigate-311b
2 CVEs
Fortigate 3140b
fortigate-3140b
2 CVEs
Fortigate 3240c
fortigate-3240c
2 CVEs
Fortigate 3810a
fortigate-3810a
2 CVEs
Fortigate 3950b
fortigate-3950b
2 CVEs
Fortigate 40c
fortigate-40c
2 CVEs
Fortigate 5001a Sw
fortigate-5001a-sw
2 CVEs
Fortigate 5001b
fortigate-5001b
2 CVEs
Fortigate 5020
fortigate-5020
2 CVEs
Fortigate 5060
fortigate-5060
2 CVEs
Fortigate 50b
fortigate-50b
2 CVEs
Fortigate 5101c
fortigate-5101c
2 CVEs
Fortigate 5140b
fortigate-5140b
2 CVEs
Fortigate 600c
fortigate-600c
2 CVEs
Fortigate 60c
fortigate-60c
2 CVEs
Fortigate 620b
fortigate-620b
2 CVEs
Fortigate 800c
fortigate-800c
2 CVEs
Fortigate 80c
fortigate-80c
2 CVEs
Fortigate Voice 80c
fortigate-voice-80c
2 CVEs
Fortigaterugged 100c
fortigaterugged-100c
2 CVEs
Fortiadc 1000e
fortiadc-1000e
2 CVEs
Fortiadc 1500d
fortiadc-1500d
2 CVEs
Fortiadc 2000d
fortiadc-2000d
2 CVEs
Fortiadc 200d
fortiadc-200d
2 CVEs
Fortiadc 300e
fortiadc-300e
2 CVEs
Fortiadc 4000d
fortiadc-4000d
2 CVEs
Fortiadc 400e
fortiadc-400e
2 CVEs
Fortiadc 600e
fortiadc-600e
2 CVEs
Forticlient Sslvpn Client
forticlient_sslvpn_client
2 CVEs
Fortios Ips Engine
fortios_ips_engine
2 CVEs
Fortiadc Manager
fortiadc_manager
2 CVEs
Fortipresence
fortipresence
2 CVEs

CVEs (1,119)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-9192
1Fortinet
1Fortios
Nov 21, 2024
Sep 5, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0...Show more
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.Show less
CVE-2018-1353
1Fortinet
1Fortimanager
Nov 21, 2024
Sep 5, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom.
CVE-2017-17541
1Fortinet
2Fortianalyzer Firmware
Fortimanager Firmware
Nov 21, 2024
Jul 16, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA an...Show more
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.Show less
CVE-2018-9185
1Fortinet
1Fortios
Nov 21, 2024
Jul 5, 2018
N/A· v4
8.1 HIGH· v3
4.3 MEDIUM· v2
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single...Show more
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.Show less
CVE-2018-1351
1Fortinet
1Fortimanager
Nov 21, 2024
Jun 28, 2018
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI...Show more
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.Show less
CVE-2018-1355
1Fortinet
2Fortianalyzer
Fortimanager
Nov 21, 2024
Jun 27, 2018
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF documen...Show more
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.Show less
CVE-2018-1354
1Fortinet
2Fortianalyzer
Fortimanager
Nov 21, 2024
Jun 27, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary...Show more
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.Show less
CVE-2018-9186
1Fortinet
1Fortiauthenticator
Nov 21, 2024
May 31, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts...Show more
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.Show less
CVE-2017-14185
1Fortinet
1Fortios
Nov 21, 2024
May 25, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via spec...Show more
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.Show less
CVE-2017-14187
1Fortinet
1Fortios
Nov 21, 2024
May 24, 2018
N/A· v4
6.2 MEDIUM· v3
7.2 HIGH· v2
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an US...Show more
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.Show less
CVE-2017-17540
1Fortinet
1Fortiwlc
Nov 21, 2024
May 8, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2017-17539
1Fortinet
1Fortiwlc
Nov 21, 2024
May 8, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2017-17543
1Fortinet
2Forticlient
Forticlient Sslvpn Client
Nov 21, 2024
Apr 26, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335...Show more
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.Show less
CVE-2017-14191
1Fortinet
1Fortiweb
Nov 21, 2024
Mar 20, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own pro...Show more
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.Show less
CVE-2012-6347
1Fortinet
1Fortidb
Nov 21, 2024
Feb 9, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext par...Show more
Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf.Show less
CVE-2012-6346
1Fortinet
1Fortiweb
Nov 21, 2024
Feb 9, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.
CVE-2012-0941
1Fortinet
1Fortios
Nov 21, 2024
Feb 8, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) End...Show more
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.Show less
CVE-2017-14190
1Fortinet
1Fortios
Nov 21, 2024
Jan 29, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests...Show more
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.Show less
CVE-2017-14184
1Fortinet
2Forticlient
Forticlient Sslvpn Client
May 13, 2026
Dec 15, 2017
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions a...Show more
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.Show less
CVE-2017-7344
1Fortinet
1Forticlient
May 13, 2026
Dec 14, 2017
N/A· v4
8.1 HIGH· v3
7.6 HIGH· v2
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon...Show more
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.Show less