Vulnerabilities > Fortinet > Fortios

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2019-5593 Improper Handling of Exceptional Conditions vulnerability in Fortinet Fortios
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.
local
low complexity
fortinet CWE-755
5.5
2019-11-27 CVE-2019-15705 Improper Input Validation vulnerability in Fortinet Fortios
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request.
network
low complexity
fortinet CWE-20
7.5
2019-11-21 CVE-2019-6693 Use of Hard-coded Credentials vulnerability in Fortinet Fortios
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key.
network
low complexity
fortinet CWE-798
6.5
2019-11-21 CVE-2018-9195 Use of Hard-coded Credentials vulnerability in Fortinet Fortios
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages.
network
high complexity
fortinet CWE-798
5.9
2019-10-24 CVE-2019-15703 Insufficient Entropy vulnerability in Fortinet Fortios
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.
network
low complexity
fortinet CWE-331
7.5
2019-08-23 CVE-2018-13367 Information Exposure vulnerability in Fortinet Fortios
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.
network
low complexity
fortinet CWE-200
5.3
2019-06-04 CVE-2019-5588 Cross-site Scripting vulnerability in Fortinet Fortios
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.
network
low complexity
fortinet CWE-79
6.1
2019-06-04 CVE-2019-5587 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortios
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods.
network
low complexity
fortinet CWE-345
6.5
2019-06-04 CVE-2019-5586 Cross-site Scripting vulnerability in Fortinet Fortios
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.
network
low complexity
fortinet CWE-79
6.1
2019-06-04 CVE-2018-13384 Open Redirect vulnerability in Fortinet Fortios
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
network
low complexity
fortinet CWE-601
6.1