Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortios
Subscriptions
Total
177 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37935 | 1 Fortinet | 1 Fortios | 2024-09-19 | 6.5 Medium |
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | ||||
CVE-2023-41675 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-09-18 | 4.8 Medium |
A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | ||||
CVE-2023-40718 | 1 Fortinet | 2 Fortios, Fortios Ips Engine | 2024-09-18 | 6.7 Medium |
A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. | ||||
CVE-2023-36555 | 1 Fortinet | 1 Fortios | 2024-09-18 | 3.9 Low |
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. | ||||
CVE-2023-33301 | 1 Fortinet | 1 Fortios | 2024-09-18 | 6.5 Medium |
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | ||||
CVE-2023-42790 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-09-17 | 7.7 High |
A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
CVE-2021-43072 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2024-09-17 | 6.3 Medium |
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol. | ||||
CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | ||||
CVE-2018-9194 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. | ||||
CVE-2018-9192 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. | ||||
CVE-2017-3131 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView. | ||||
CVE-2017-3133 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | ||||
CVE-2017-7738 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. | ||||
CVE-2017-7739 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. | ||||
CVE-2017-3130 | 1 Fortinet | 1 Fortios | 2024-09-16 | N/A |
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | ||||
CVE-2013-4604 | 1 Fortinet | 1 Fortios | 2024-09-16 | N/A |
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role. | ||||
CVE-2017-14185 | 1 Fortinet | 1 Fortios | 2024-09-16 | N/A |
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. | ||||
CVE-2017-7735 | 1 Fortinet | 1 Fortios | 2024-09-16 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. | ||||
CVE-2013-1414 | 1 Fortinet | 30 Fortigate-1000c, Fortigate-100d, Fortigate-110c and 27 more | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown. | ||||
CVE-2017-14190 | 1 Fortinet | 1 Fortios | 2024-09-16 | N/A |
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. |