Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2017-12-15 CVE-2017-14184 Information Exposure vulnerability in Fortinet Forticlient
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
network
low complexity
fortinet CWE-200
8.8
8.8
2017-12-14 CVE-2017-7344 Unspecified vulnerability in Fortinet Forticlient
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.
network
high complexity
fortinet
8.1
8.1
2017-12-13 CVE-2017-7738 Information Exposure vulnerability in Fortinet Fortios
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.
network
low complexity
fortinet CWE-200
7.2
7.2
2017-11-29 CVE-2017-14189 Weak Password Requirements vulnerability in Fortinet Fortiweb Manager 5.8.0
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.
network
low complexity
fortinet CWE-521
critical
 9.8
9.8
2017-11-29 CVE-2017-14186 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter.
network
low complexity
fortinet CWE-79
5.4
5.4
2017-11-22 CVE-2017-7736 Cross-site Scripting vulnerability in Fortinet Fortiweb
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.
network
low complexity
fortinet CWE-79
5.4
5.4
2017-11-13 CVE-2017-7739 Cross-site Scripting vulnerability in Fortinet Fortios
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.
network
low complexity
fortinet CWE-79
6.1
6.1
2017-10-27 CVE-2017-7733 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter.
network
low complexity
fortinet CWE-79
6.1
6.1
2017-10-27 CVE-2017-14182 Improper Input Validation vulnerability in Fortinet Fortios
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API.
network
low complexity
fortinet CWE-20
6.5
6.5
2017-10-26 CVE-2017-7732 Cross-site Scripting vulnerability in Fortinet Fortimail
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests.
network
low complexity
fortinet CWE-79
6.1
6.1