High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-09	CVE-2017-17544	Improper Privilege Management vulnerability in Fortinet Fortios A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. network low complexity fortinet CWE-269	7.2
2018-11-27	CVE-2018-13376	Unspecified vulnerability in Fortinet Fortios An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. network low complexity fortinet	7.5
2018-07-05	CVE-2018-9185	Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. network high complexity fortinet CWE-200	8.1
2017-12-13	CVE-2017-7738	Information Exposure vulnerability in Fortinet Fortios An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. network low complexity fortinet CWE-200	7.2
2017-08-10	CVE-2017-3130	Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. network low complexity fortinet CWE-200	7.5