Vulnerabilities > Fortinet > Fortios > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-02-08 CVE-2018-1352 Use of Externally-Controlled Format String vulnerability in Fortinet Fortios 5.6.0
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
network
low complexity
fortinet CWE-134
critical
9.8
2016-08-24 CVE-2016-6909 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fortinet Fortios and Fortiswitch
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
network
low complexity
fortinet CWE-119
critical
9.8
2016-01-15 CVE-2016-1909 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortios
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
network
low complexity
fortinet CWE-264
critical
9.8