Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortios
Subscriptions
Total
189 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13371 | 1 Fortinet | 1 Fortios | 2024-11-21 | 8.8 High |
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. | ||||
CVE-2018-13367 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | ||||
CVE-2018-13366 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | ||||
CVE-2018-13365 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | ||||
CVE-2017-7739 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. | ||||
CVE-2017-7738 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. | ||||
CVE-2017-7735 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. | ||||
CVE-2017-7734 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. | ||||
CVE-2017-7733 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter. | ||||
CVE-2017-3133 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | ||||
CVE-2017-3132 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. | ||||
CVE-2017-3131 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView. | ||||
CVE-2017-3130 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | ||||
CVE-2017-3128 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | ||||
CVE-2017-3127 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | ||||
CVE-2017-17544 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.2 High |
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. | ||||
CVE-2017-14190 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. | ||||
CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | ||||
CVE-2017-14186 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter. | ||||
CVE-2017-14185 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. |