Vulnerabilities > Fortinet > Fortios > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-12 | CVE-2019-17656 | Out-of-bounds Write vulnerability in Fortinet Fortios A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. | 6.5 |
| 2021-03-03 | CVE-2020-15937 | Cross-site Scripting vulnerability in Fortinet Fortios An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard. | 6.1 |
| 2020-10-21 | CVE-2020-6648 | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios and Fortiproxy A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. | 6.5 |
| 2020-09-24 | CVE-2020-12818 | Unspecified vulnerability in Fortinet Fortios An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. | 5.3 |
| 2020-08-14 | CVE-2019-5591 | Missing Authentication for Critical Function vulnerability in Fortinet Fortios A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. | 6.5 |
| 2020-03-15 | CVE-2019-6696 | Open Redirect vulnerability in Fortinet Fortios An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | 6.1 |
| 2020-01-23 | CVE-2019-5593 | Improper Handling of Exceptional Conditions vulnerability in Fortinet Fortios Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. | 5.5 |
| 2019-11-21 | CVE-2019-6693 | Use of Hard-coded Credentials vulnerability in Fortinet Fortios Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. | 6.5 |
| 2019-11-21 | CVE-2018-9195 | Use of Hard-coded Credentials vulnerability in Fortinet Fortios Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. | 5.9 |
| 2019-08-23 | CVE-2018-13367 | Information Exposure vulnerability in Fortinet Fortios An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | 5.3 |