VYPR

Fortinet

by Fortinet

CVEs (96)

  • CVE-2020-15937 | Mar 3, 2021
    risk 0.00 | cvss | epss 0.01

    An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.

  • CVE-2020-12815 | Sep 24, 2020
    risk 0.00 | cvss | epss 0.01

    An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.

  • CVE-2020-12818 | Sep 24, 2020
    risk 0.00 | cvss | epss 0.01

    An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.

  • CVE-2020-12816 | Sep 24, 2020
    risk 0.00 | cvss | epss 0.01

    An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.

  • CVE-2020-9288 | Jun 22, 2020
    risk 0.00 | cvss | epss 0.01

    An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.

  • CVE-2019-15708 | Mar 15, 2020
    risk 0.00 | cvss | epss 0.01

    A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig…

  • CVE-2019-6696 | Mar 15, 2020
    risk 0.00 | cvss | epss 0.01

    An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage.

  • CVE-2019-6699 | Mar 13, 2020
    risk 0.00 | cvss | epss 0.01

    An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface.

  • CVE-2019-15703 | Oct 24, 2019
    risk 0.00 | cvss | epss 0.01

    An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with a RSA…

  • CVE-2019-5588 | Jun 4, 2019
    risk 0.00 | cvss | epss 0.01

    A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.

  • CVE-2019-5586 | Jun 4, 2019
    risk 0.00 | cvss | epss 0.01

    A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.

  • CVE-2019-5587 | Jun 4, 2019
    risk 0.00 | cvss | epss 0.00

    Lack of root file system integrity checking in Fortinet FortiOS VM application images, all versions below 6.0.5, may allow an attacker to implant malicious programs into the installing image by reassembling the image through specific methods.

  • CVE-2018-13384 | Jun 4, 2019
    risk 0.00 | cvss | epss 0.01

    A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.

  • CVE-2018-13365 | May 29, 2019
    risk 0.00 | cvss | epss 0.01

    An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below allows attackers to learn the private IP as well as the hostname of FortiGate via the Application Control Block page.

  • CVE-2018-13366 | Apr 9, 2019
    risk 0.00 | cvss | epss 0.01

    An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows an attacker to reveal the serial number of FortiGate via the hostname field defined in connection control setup packets of the PPTP protocol.

  • CVE-2005-3400 | Nov 1, 2005
    risk 0.00 | cvss | epss 0.01

    Multiple interpretation error in Fortinet 2.48.0.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still…
