← Back

Fortinet

fortinet

1,119 CVEs • 247 products

Products (247)

Click to collapse
Toggle
Fortios
fortios
267 CVEs
Fortiweb
fortiweb
124 CVEs
Fortiproxy
fortiproxy
117 CVEs
Fortimanager
fortimanager
112 CVEs
Fortianalyzer
fortianalyzer
92 CVEs
Forticlient
forticlient
85 CVEs
Fortisandbox
fortisandbox
58 CVEs
Fortimail
fortimail
46 CVEs
Fortiportal
fortiportal
44 CVEs
Fortiadc
fortiadc
43 CVEs
Fortisoar
fortisoar
31 CVEs
Fortinac
fortinac
30 CVEs
Fortisiem
fortisiem
29 CVEs
Fortimanager Cloud
fortimanager_cloud
27 CVEs
Fortipam
fortipam
25 CVEs
Fortivoice
fortivoice
24 CVEs
Fortiauthenticator
fortiauthenticator
23 CVEs
Fortiwlm
fortiwlm
23 CVEs
Fortiswitchmanager
fortiswitchmanager
19 CVEs
Fortinet Antivirus
fortinet_antivirus
18 CVEs
Fortianalyzer Cloud
fortianalyzer_cloud
17 CVEs
Fortiwan
fortiwan
16 CVEs
Fortitester
fortitester
16 CVEs
Fortimanager Firmware
fortimanager_firmware
15 CVEs
Fortiswitch
fortiswitch
14 CVEs
Fortiwlc
fortiwlc
14 CVEs
Fortianalyzer Big Data
fortianalyzer_big_data
13 CVEs
Forticlientems
forticlientems
13 CVEs
Fortianalyzer Firmware
fortianalyzer_firmware
12 CVEs
Fortinac F
fortinac-f
12 CVEs
Fortirecorder
fortirecorder
12 CVEs
Fortideceptor
fortideceptor
11 CVEs
Fortindr
fortindr
11 CVEs
Fortiisolator
fortiisolator
10 CVEs
Fortisase
fortisase
10 CVEs
Fortiap W2
fortiap-w2
9 CVEs
Fortisandbox Cloud
fortisandbox_cloud
8 CVEs
Fortiap
fortiap
7 CVEs
Fortiap U
fortiap-u
7 CVEs
Forticlient Enterprise Management Server
forticlient_enterprise_management_server
7 CVEs
Fortiextender Firmware
fortiextender_firmware
7 CVEs
Fortiedr
fortiedr
7 CVEs
Fortiddos F
fortiddos-f
7 CVEs
Fortiap S
fortiap-s
6 CVEs
Forticlient Endpoint Management Server
forticlient_endpoint_management_server
6 CVEs
Fortiadc Firmware
fortiadc_firmware
5 CVEs
Fcm Mb40 Firmware
fcm-mb40_firmware
5 CVEs
Fortirecorder Firmware
fortirecorder_firmware
5 CVEs
Fortiddos
fortiddos
5 CVEs
Fortiwebmanager
fortiwebmanager
4 CVEs
Fortiaiops
fortiaiops
4 CVEs
Fortisra
fortisra
4 CVEs
Fortidlp Agent
fortidlp_agent
4 CVEs
Fortibalancer 400 Firmware
fortibalancer_400_firmware
3 CVEs
Fortibalancer 1000 Firmware
fortibalancer_1000_firmware
3 CVEs
Fortibalancer 2000 Firmware
fortibalancer_2000_firmware
3 CVEs
Fortibalancer 3000 Firmware
fortibalancer_3000_firmware
3 CVEs
Fortitoken Mobile
fortitoken_mobile
3 CVEs
Fortigate
fortigate
2 CVEs
Fortigate 1000c
fortigate-1000c
2 CVEs
Fortigate 100d
fortigate-100d
2 CVEs
Fortigate 110c
fortigate-110c
2 CVEs
Fortigate 1240b
fortigate-1240b
2 CVEs
Fortigate 200b
fortigate-200b
2 CVEs
Fortigate 20c
fortigate-20c
2 CVEs
Fortigate 300c
fortigate-300c
2 CVEs
Fortigate 3040b
fortigate-3040b
2 CVEs
Fortigate 310b
fortigate-310b
2 CVEs
Fortigate 311b
fortigate-311b
2 CVEs
Fortigate 3140b
fortigate-3140b
2 CVEs
Fortigate 3240c
fortigate-3240c
2 CVEs
Fortigate 3810a
fortigate-3810a
2 CVEs
Fortigate 3950b
fortigate-3950b
2 CVEs
Fortigate 40c
fortigate-40c
2 CVEs
Fortigate 5001a Sw
fortigate-5001a-sw
2 CVEs
Fortigate 5001b
fortigate-5001b
2 CVEs
Fortigate 5020
fortigate-5020
2 CVEs
Fortigate 5060
fortigate-5060
2 CVEs
Fortigate 50b
fortigate-50b
2 CVEs
Fortigate 5101c
fortigate-5101c
2 CVEs
Fortigate 5140b
fortigate-5140b
2 CVEs
Fortigate 600c
fortigate-600c
2 CVEs
Fortigate 60c
fortigate-60c
2 CVEs
Fortigate 620b
fortigate-620b
2 CVEs
Fortigate 800c
fortigate-800c
2 CVEs
Fortigate 80c
fortigate-80c
2 CVEs
Fortigate Voice 80c
fortigate-voice-80c
2 CVEs
Fortigaterugged 100c
fortigaterugged-100c
2 CVEs
Fortiadc 1000e
fortiadc-1000e
2 CVEs
Fortiadc 1500d
fortiadc-1500d
2 CVEs
Fortiadc 2000d
fortiadc-2000d
2 CVEs
Fortiadc 200d
fortiadc-200d
2 CVEs
Fortiadc 300e
fortiadc-300e
2 CVEs
Fortiadc 4000d
fortiadc-4000d
2 CVEs
Fortiadc 400e
fortiadc-400e
2 CVEs
Fortiadc 600e
fortiadc-600e
2 CVEs
Forticlient Sslvpn Client
forticlient_sslvpn_client
2 CVEs
Fortios Ips Engine
fortios_ips_engine
2 CVEs
Fortiadc Manager
fortiadc_manager
2 CVEs
Fortipresence
fortipresence
2 CVEs

CVEs (1,119)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-7738
1Fortinet
1Fortios
May 13, 2026
Dec 13, 2017
N/A· v4
7.2 HIGH· v3
4.0 MEDIUM· v2
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which...Show more
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.Show less
CVE-2017-14189
1Fortinet
1Fortiweb Manager
May 13, 2026
Nov 29, 2017
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.
CVE-2017-14186
1Fortinet
1Fortios
May 13, 2026
Nov 29, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of...Show more
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.Show less
CVE-2017-7736
1Fortinet
1Fortiweb
May 13, 2026
Nov 22, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certif...Show more
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.Show less
CVE-2017-7739
1Fortinet
1Fortios
May 13, 2026
Nov 13, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script...Show more
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.Show less
CVE-2017-7733
1Fortinet
1Fortios
May 13, 2026
Oct 27, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter.
CVE-2017-14182
1Fortinet
1Fortios
May 13, 2026
Oct 27, 2017
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' paramet...Show more
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API.Show less
CVE-2017-7732
1Fortinet
1Fortimail
May 13, 2026
Oct 26, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrar...Show more
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests.Show less
CVE-2017-7341
1Fortinet
1Fortiwlc
May 13, 2026
Oct 26, 2017
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin u...Show more
An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.Show less
CVE-2017-7335
1Fortinet
1Fortiwlc
May 13, 2026
Oct 26, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrar...Show more
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.Show less
CVE-2017-7735
1Fortinet
1Fortios
May 13, 2026
Sep 12, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing Us...Show more
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.Show less
CVE-2017-7734
1Fortinet
1Fortios
May 13, 2026
Sep 12, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
CVE-2017-3133
1Fortinet
1Fortios
May 13, 2026
Sep 12, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
CVE-2017-3132
1Fortinet
1Fortios
May 13, 2026
Sep 12, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
CVE-2017-3131
1Fortinet
1Fortios
May 13, 2026
Sep 12, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
CVE-2015-3617
1Fortinet
1Fortimanager Firmware
May 13, 2026
Aug 22, 2017
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
CVE-2015-3616
1Fortinet
1Fortimanager Firmware
May 13, 2026
Aug 11, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
CVE-2015-3615
1Fortinet
1Fortimanager Firmware
May 13, 2026
Aug 11, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified paramet...Show more
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.Show less
CVE-2015-3614
1Fortinet
1Fortimanager Firmware
May 13, 2026
Aug 11, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
CVE-2017-7737
1Fortinet
1Fortiweb
May 13, 2026
Aug 10, 2017
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.