Vulnerabilities > Fortinet > Fortios > 3.3.5

DATE CVE VULNERABILITY TITLE RISK
2018-05-24 CVE-2017-14187 Improper Privilege Management vulnerability in Fortinet Fortios
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
low complexity
fortinet CWE-269
6.2
2018-01-29 CVE-2017-14190 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.
network
low complexity
fortinet CWE-79
6.1
2017-11-29 CVE-2017-14186 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter.
network
low complexity
fortinet CWE-79
5.4
2017-09-12 CVE-2017-3133 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
network
low complexity
fortinet CWE-79
6.1
2017-09-12 CVE-2017-3132 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
network
low complexity
fortinet CWE-79
6.1
2017-02-08 CVE-2016-8492 Information Exposure vulnerability in Fortinet Fortios
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
network
high complexity
fortinet CWE-200
5.9
2016-01-15 CVE-2016-1909 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortios
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
network
low complexity
fortinet CWE-264
critical
9.8