Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-02 | CVE-2018-13371 | Improper Input Validation vulnerability in Fortinet Fortios An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. | 6.5 |
| 2020-03-19 | CVE-2014-2723 | Incorrect Default Permissions vulnerability in Fortinet products In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. | 9.0 |
| 2020-03-19 | CVE-2014-2722 | Incorrect Default Permissions vulnerability in Fortinet products In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. | 9.0 |
| 2020-03-19 | CVE-2014-2721 | Incorrect Default Permissions vulnerability in Fortinet products In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. | 9.0 |
| 2020-03-17 | CVE-2020-6646 | Cross-site Scripting vulnerability in Fortinet Fortiweb An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | 3.5 |
| 2020-03-15 | CVE-2019-6696 | Open Redirect vulnerability in Fortinet Fortios An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | 5.8 |
| 2020-03-15 | CVE-2019-17654 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | 6.8 |
| 2020-03-15 | CVE-2019-15708 | OS Command Injection vulnerability in Fortinet products A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. | 7.2 |
| 2020-03-15 | CVE-2020-9290 | Uncontrolled Search Path Element vulnerability in Fortinet Forticlient and Forticlient Virtual Private Network An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | 6.9 |
| 2020-03-15 | CVE-2020-9287 | Uncontrolled Search Path Element vulnerability in Fortinet Forticlient Emergency Management Server 6.2.1 An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | 6.9 |