Vulnerabilities > Fortinet > Fortios > 5.4.11

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-42757 Out-of-bounds Write vulnerability in Fortinet products
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
2021-08-04 CVE-2021-24018 Out-of-bounds Write vulnerability in Fortinet Fortios
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
low complexity
fortinet CWE-787
8.8
2021-04-12 CVE-2019-17656 Out-of-bounds Write vulnerability in Fortinet Fortios
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server.
network
low complexity
fortinet CWE-787
6.5
2021-03-04 CVE-2020-15938 Unspecified vulnerability in Fortinet Fortios
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.
network
low complexity
fortinet
7.5
2020-10-21 CVE-2020-6648 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios and Fortiproxy
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
network
low complexity
fortinet CWE-312
6.5
2020-09-24 CVE-2020-12818 Unspecified vulnerability in Fortinet Fortios
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.
network
low complexity
fortinet
5.3
2020-08-14 CVE-2019-5591 Missing Authentication for Critical Function vulnerability in Fortinet Fortios
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
low complexity
fortinet CWE-306
6.5
2020-07-24 CVE-2020-12812 Improper Handling of Case Sensitivity vulnerability in Fortinet Fortios
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
network
low complexity
fortinet CWE-178
critical
9.8
2020-06-16 CVE-2019-17655 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.
network
low complexity
fortinet CWE-312
7.5
2020-03-15 CVE-2019-6696 Open Redirect vulnerability in Fortinet Fortios
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.
network
low complexity
fortinet CWE-601
6.1