CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fortinet : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2019-5594 79 XSS 2019-08-23 2019-08-26
4.3
None Remote Medium Not required None Partial None
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
52 CVE-2019-5592 347 2019-08-23 2020-08-24
4.3
None Remote Medium Not required Partial None None
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.
53 CVE-2019-5590 79 Exec Code XSS 2019-08-28 2019-09-03
4.3
None Remote Medium Not required None Partial None
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
54 CVE-2019-5588 79 Exec Code XSS 2019-06-04 2019-06-06
4.3
None Remote Medium Not required None Partial None
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.
55 CVE-2019-5587 20 2019-06-04 2021-07-21
4.0
None Remote Low ??? None Partial None
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods.
56 CVE-2019-5586 79 Exec Code XSS 2019-06-04 2019-10-23
4.3
None Remote Medium Not required None Partial None
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.
57 CVE-2018-13383 787 Overflow 2019-05-29 2021-03-16
4.3
None Remote Medium Not required None None Partial
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
58 CVE-2018-13380 79 Exec Code XSS 2019-06-04 2021-04-06
4.3
None Remote Medium Not required None Partial None
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
59 CVE-2018-13378 200 +Info 2019-04-17 2019-04-17
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.
60 CVE-2018-13375 79 Exec Code XSS 2019-05-28 2019-05-30
4.3
None Remote Medium Not required None Partial None
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
61 CVE-2018-13374 732 2019-01-22 2021-06-03
4.0
None Remote Low ??? Partial None None
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
62 CVE-2018-13368 Exec Code 2019-05-30 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
63 CVE-2018-9195 798 2019-11-21 2019-11-27
4.3
None Remote Medium Not required Partial None None
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.
64 CVE-2018-9194 203 2018-09-05 2019-10-03
4.3
None Remote Medium Not required Partial None None
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.
65 CVE-2018-9193 Exec Code 2019-05-30 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file.
66 CVE-2018-9192 203 2018-09-05 2019-10-03
4.3
None Remote Medium Not required Partial None None
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.
67 CVE-2018-9191 Exec Code 2019-05-30 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.
68 CVE-2018-9190 476 DoS 2019-02-08 2019-06-03
4.9
None Local Low Not required None None Complete
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.
69 CVE-2018-9186 79 Exec Code XSS CSRF 2018-05-31 2019-04-22
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.
70 CVE-2018-9185 200 +Info 2018-07-05 2018-08-27
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.
71 CVE-2018-1360 319 2019-04-25 2019-10-03
4.3
None Remote Medium Not required Partial None None
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.
72 CVE-2018-1356 79 Exec Code XSS 2019-04-09 2019-05-02
4.3
None Remote Medium Not required None Partial None
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.
73 CVE-2018-1354 732 2018-06-27 2019-10-03
4.0
None Remote Low ??? None Partial None
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
74 CVE-2018-1353 200 +Info 2018-09-05 2018-10-25
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom.
75 CVE-2017-17541 79 XSS 2018-07-16 2018-09-12
4.3
None Remote Medium Not required None Partial None
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
76 CVE-2017-14191 Bypass 2018-03-20 2019-10-03
4.3
None Remote Medium Not required None Partial None
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.
77 CVE-2017-14190 79 XSS 2018-01-29 2018-02-14
4.3
None Remote Medium Not required None Partial None
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.
78 CVE-2017-14184 200 +Info 2017-12-15 2020-05-11
4.0
None Remote Low ??? Partial None None
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
79 CVE-2017-14182 20 DoS 2017-10-27 2017-10-31
4.0
None Remote Low ??? None None Partial
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API.
80 CVE-2017-7739 79 XSS 2017-11-13 2017-11-29
4.3
None Remote Medium Not required None Partial None
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.
81 CVE-2017-7738 200 +Info 2017-12-13 2017-12-26
4.0
None Remote Low ??? Partial None None
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.
82 CVE-2017-7737 200 +Info 2017-08-10 2019-10-03
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
83 CVE-2017-7733 79 Exec Code XSS 2017-10-27 2017-10-31
4.3
None Remote Medium Not required None Partial None
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter.
84 CVE-2017-7732 79 XSS 2017-10-26 2017-11-17
4.3
None Remote Medium Not required None Partial None
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests.
85 CVE-2017-7340 79 Exec Code XSS 2019-03-25 2019-03-26
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.
86 CVE-2017-7339 79 Exec Code XSS 2017-05-27 2017-05-31
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.
87 CVE-2017-3133 79 Exec Code XSS 2017-09-12 2017-09-14
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
88 CVE-2017-3132 79 Exec Code XSS 2017-09-12 2017-09-14
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
89 CVE-2017-3129 79 Exec Code XSS 2017-05-27 2017-06-02
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.
90 CVE-2017-3127 79 Exec Code XSS 2017-06-01 2017-07-11
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
91 CVE-2017-3125 79 XSS 2017-04-12 2017-04-18
4.3
None Remote Medium Not required None Partial None
An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.
92 CVE-2016-8492 200 +Info 2017-02-08 2017-03-02
4.3
None Remote Medium Not required Partial None None
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
93 CVE-2016-7561 200 +Info 2016-10-05 2016-12-02
4.0
None Remote Low ??? Partial None None
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.
94 CVE-2016-7542 200 +Info 2017-03-30 2017-07-28
4.0
None Remote Low ??? Partial None None
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
95 CVE-2016-7541 254 2017-03-30 2017-04-04
4.3
None Remote Medium Not required None Partial None
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.
96 CVE-2016-5092 22 Dir. Trav. 2016-07-13 2016-07-14
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
97 CVE-2016-4969 79 XSS 2016-09-21 2016-09-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.
98 CVE-2016-4968 200 +Info 2016-09-21 2016-09-21
4.0
None Remote Low ??? Partial None None
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
99 CVE-2016-4967 200 +Info 2016-09-21 2016-09-21
4.0
None Remote Low ??? Partial None None
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.
100 CVE-2016-4966 287 2016-09-21 2016-09-21
4.0
None Remote Low ??? None Partial None
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.
Total number of vulnerabilities : 135   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.