Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-23 | CVE-2018-13367 | Information Exposure vulnerability in Fortinet Fortios An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | 5.0 |
| 2019-08-23 | CVE-2019-6698 | Use of Hard-coded Credentials vulnerability in Fortinet Fortirecorder Firmware Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | 7.5 |
| 2019-08-23 | CVE-2019-5592 | Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortios IPS Engine Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. | 4.3 |
| 2019-07-08 | CVE-2019-13402 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. | 6.5 |
| 2019-07-08 | CVE-2019-13401 | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. | 6.8 |
| 2019-07-08 | CVE-2019-13400 | Insufficiently Protected Credentials vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. | 5.0 |
| 2019-07-08 | CVE-2019-13399 | Use of Hard-coded Credentials vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. | 4.3 |
| 2019-07-08 | CVE-2019-13398 | OS Command Injection vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. | 9.0 |
| 2019-06-04 | CVE-2019-5588 | Cross-site Scripting vulnerability in Fortinet Fortios A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests. | 4.3 |
| 2019-06-04 | CVE-2019-5587 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortios Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. | 4.0 |