Vulnerabilities > Fortinet > Fortios

DATE CVE VULNERABILITY TITLE RISK
2017-05-23 CVE-2017-3128 Cross-site Scripting vulnerability in Fortinet Fortios
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.
network
low complexity
fortinet CWE-79
4.8
2017-03-30 CVE-2016-7542 Information Exposure vulnerability in Fortinet Fortios
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
network
low complexity
fortinet CWE-200
4.9
2017-03-30 CVE-2016-7541 7PK - Security Features vulnerability in Fortinet Fortios
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode.
network
high complexity
fortinet CWE-254
5.9
2017-02-08 CVE-2016-8492 Information Exposure vulnerability in Fortinet Fortios
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
network
high complexity
fortinet CWE-200
5.9
2016-08-24 CVE-2016-6909 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fortinet Fortios and Fortiswitch
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
network
low complexity
fortinet CWE-119
critical
9.8
2016-04-08 CVE-2016-3978 Cross-site Scripting vulnerability in Fortinet Fortios
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."
network
low complexity
fortinet CWE-79
6.1
2016-01-15 CVE-2016-1909 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortios
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
network
low complexity
fortinet CWE-264
critical
9.8