Vulnerabilities > Fortinet > Fortios > 5.6.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet Fortios and Fortiproxy An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | 9.8 |
| 2019-05-29 | CVE-2018-13365 | Information Exposure vulnerability in Fortinet Fortios An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | 5.3 |
| 2019-05-29 | CVE-2018-13383 | Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. | 6.5 |
| 2019-04-09 | CVE-2018-13366 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | 5.3 |
| 2019-04-09 | CVE-2017-17544 | Improper Privilege Management vulnerability in Fortinet Fortios A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. | 7.2 |
| 2019-01-22 | CVE-2018-13374 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiadc and Fortios A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. | 4.3 |
| 2018-07-05 | CVE-2018-9185 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | 8.1 |