Vendor CVEs
Fortinet
All CVEs
1,127 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-9288 | 0.00 | — | 0.01 | Jun 22, 2020 | An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. |
| CVE-2019-17655 | 0.00 | — | 0.01 | Jun 16, 2020 | A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the… |
| CVE-2020-9289 | 0.00 | — | 0.02 | Jun 16, 2020 | Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of… |
| CVE-2020-9292 | 0.00 | — | 0.02 | Jun 4, 2020 | An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. |
| CVE-2019-16150 | 0.00 | — | 0.01 | Jun 4, 2020 | Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via… |
| CVE-2020-9291 | 0.00 | — | 0.01 | Jun 1, 2020 | An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. |
| CVE-2019-15709 | 0.00 | — | 0.01 | Jun 1, 2020 | An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. |
| CVE-2020-9286 | 0.00 | — | 0.01 | Apr 7, 2020 | An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. |
| CVE-2020-6647 | 0.00 | — | 0.01 | Apr 7, 2020 | An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. |
| CVE-2019-17657 | 0.00 | — | 0.02 | Apr 7, 2020 | An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special… |
| CVE-2018-13371 | 0.00 | — | 0.01 | Apr 2, 2020 | An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. |
| CVE-2014-2723 | 0.00 | — | 0.02 | Mar 19, 2020 | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an… |
| CVE-2014-2721 | 0.00 | — | 0.02 | Mar 19, 2020 | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an… |
| CVE-2014-2722 | 0.00 | — | 0.02 | Mar 19, 2020 | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an… |
| CVE-2020-6646 | 0.00 | — | 0.01 | Mar 17, 2020 | An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. |
| CVE-2019-15708 | 0.00 | — | 0.01 | Mar 15, 2020 | A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig… |
| CVE-2019-17654 | 0.00 | — | 0.00 | Mar 15, 2020 | An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. |
| CVE-2019-6696 | 0.00 | — | 0.01 | Mar 15, 2020 | An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage. |
| CVE-2020-9287 | 0.00 | — | 0.01 | Mar 15, 2020 | An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library… |
| CVE-2020-9290 | 0.00 | — | 0.01 | Mar 15, 2020 | An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the… |
| CVE-2019-6699 | 0.00 | — | 0.01 | Mar 13, 2020 | An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. |
| CVE-2019-16157 | 0.00 | — | 0.01 | Mar 13, 2020 | An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. |
| CVE-2019-17653 | 0.00 | — | 0.01 | Mar 12, 2020 | A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. |
| CVE-2019-17658 | 0.00 | — | 0.02 | Mar 12, 2020 | An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path. |
| CVE-2020-6643 | 0.00 | — | 0.01 | Mar 12, 2020 | An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). |
| CVE-2019-16156 | 0.00 | — | 0.01 | Mar 12, 2020 | An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). |
| CVE-2019-16155 | 0.00 | — | 0.00 | Feb 7, 2020 | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched… |
| CVE-2019-16152 | 0.00 | — | 0.01 | Feb 6, 2020 | A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not… |
| CVE-2019-17652 | 0.00 | — | 0.01 | Feb 6, 2020 | A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched… |
| CVE-2019-15711 | 0.00 | — | 0.01 | Feb 6, 2020 | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. |
| CVE-2015-3613 | 0.00 | — | 0.02 | Feb 4, 2020 | A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page |
| CVE-2015-3612 | 0.00 | — | 0.01 | Feb 4, 2020 | A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. |
| CVE-2015-3611 | 0.00 | — | 0.06 | Feb 4, 2020 | A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report. |
| CVE-2019-17651 | 0.00 | — | 0.01 | Jan 28, 2020 | An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious… |
| CVE-2019-15707 | 0.00 | — | 0.01 | Jan 23, 2020 | An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config downloads they should not be authorized for. |
| CVE-2019-5593 | 0.00 | — | 0.00 | Jan 23, 2020 | Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plain text private keys of the system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or… |
| CVE-2019-16153 | 0.00 | — | 0.01 | Jan 23, 2020 | A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. |
| CVE-2019-19592 | 0.00 | — | 0.01 | Jan 21, 2020 | Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting |
| CVE-2019-16154 | 0.00 | — | 0.01 | Jan 7, 2020 | An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. |
| CVE-2019-6700 | 0.00 | — | 0.01 | Jan 7, 2020 | An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. |
| CVE-2019-15705 | 0.00 | — | 0.01 | Nov 27, 2019 | An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. |
| CVE-2019-17650 | 0.00 | — | 0.00 | Nov 21, 2019 | An Improper Neutralization of Special Elements used in a Command vulnerability in one of the FortiClient for Mac OS root processes may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. |
| CVE-2018-9195 | 0.00 | — | 0.02 | Nov 21, 2019 | Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in… |
| CVE-2019-15704 | 0.00 | — | 0.00 | Nov 21, 2019 | A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. |
| CVE-2019-15710 | 0.00 | — | 0.02 | Oct 31, 2019 | An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands. |
| CVE-2019-15703 | 0.00 | — | 0.01 | Oct 24, 2019 | An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable a hardware TRNG token and models that do not support a builtin TRNG seed, allows an attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA… |
| CVE-2019-6692 | 0.00 | — | 0.01 | Oct 24, 2019 | A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. |
| CVE-2019-5590 | 0.00 | — | 0.01 | Aug 28, 2019 | The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below, which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. |
| CVE-2019-5594 | 0.00 | — | 0.01 | Aug 23, 2019 | An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. |
| CVE-2019-6695 | 0.00 | — | 0.01 | Aug 23, 2019 | Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. |