Vulnerabilities > Fortinet

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-25	CVE-2018-1360	Cleartext Transmission of Sensitive Information vulnerability in Fortinet Fortimanager A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. network high complexity fortinet CWE-319	8.1
2019-04-17	CVE-2018-13378	Information Exposure vulnerability in Fortinet Fortisiem An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. network low complexity fortinet CWE-200	7.2
2019-04-09	CVE-2018-1356	Cross-site Scripting vulnerability in Fortinet Fortisandbox A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. network low complexity fortinet CWE-79	6.1
2019-04-09	CVE-2018-13366	Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. network low complexity fortinet CWE-200	5.3
2019-04-09	CVE-2017-17544	Improper Privilege Management vulnerability in Fortinet Fortios A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. network low complexity fortinet CWE-269	7.2
2019-03-25	CVE-2017-7342	Improper Input Validation vulnerability in Fortinet Fortiportal A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button network low complexity fortinet CWE-20 critical	9.8
2019-03-25	CVE-2017-7340	Cross-site Scripting vulnerability in Fortinet Fortiportal A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. network low complexity fortinet CWE-79	6.1
2019-02-08	CVE-2018-9190	NULL Pointer Dereference vulnerability in Fortinet Forticlient A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver. local low complexity fortinet CWE-476	5.5
2019-02-08	CVE-2018-1352	Use of Externally-Controlled Format String vulnerability in Fortinet Fortios 5.6.0 A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. network low complexity fortinet CWE-134 critical	9.8
2019-01-22	CVE-2018-13374	Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiadc and Fortios A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. network low complexity fortinet CWE-732	4.3

Vulnerabilities > Fortinet {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Fortinet"}]}

Vulnerabilities > Fortinet