Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-23 | CVE-2019-6695 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager 6.2.0 Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. | 9.8 |
| 2019-08-23 | CVE-2019-5594 | Cross-site Scripting vulnerability in Fortinet Fortinac 8.3.0/8.3.6/8.5.0 An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | 6.1 |
| 2019-08-23 | CVE-2018-13367 | Information Exposure vulnerability in Fortinet Fortios An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | 5.3 |
| 2019-08-23 | CVE-2019-6698 | Use of Hard-coded Credentials vulnerability in Fortinet Fortirecorder Firmware Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | 9.8 |
| 2019-08-23 | CVE-2019-5592 | Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortios IPS Engine Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. | 5.9 |
| 2019-07-08 | CVE-2019-13402 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. | 8.8 |
| 2019-07-08 | CVE-2019-13401 | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. | 8.8 |
| 2019-07-08 | CVE-2019-13400 | Insufficiently Protected Credentials vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. | 9.8 |
| 2019-07-08 | CVE-2019-13399 | Use of Hard-coded Credentials vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. | 5.9 |
| 2019-07-08 | CVE-2019-13398 | OS Command Injection vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. | 7.2 |