Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2020-03-15 CVE-2019-15708 OS Command Injection vulnerability in Fortinet products
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
local
low complexity
fortinet CWE-78
6.7
6.7
2020-03-15 CVE-2020-9290 Uncontrolled Search Path Element vulnerability in Fortinet Forticlient
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
local
low complexity
fortinet CWE-427
7.8
7.8
2020-03-15 CVE-2020-9287 Uncontrolled Search Path Element vulnerability in Fortinet Forticlient Emergency Management Server 6.2.1
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
local
low complexity
fortinet CWE-427
7.8
7.8
2020-03-13 CVE-2019-6699 Cross-site Scripting vulnerability in Fortinet Fortiadc
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface.
network
low complexity
fortinet CWE-79
5.4
5.4
2020-03-13 CVE-2019-16157 Information Exposure Through Log Files vulnerability in Fortinet Fortiweb
An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands.
network
low complexity
fortinet CWE-532
6.5
6.5
2020-03-12 CVE-2019-17653 Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortisiem 5.2.5
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.
network
low complexity
fortinet CWE-352
8.8
8.8
2020-03-12 CVE-2020-6643 Cross-site Scripting vulnerability in Fortinet Fortiisolator
An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS).
network
low complexity
fortinet CWE-79
5.4
5.4
2020-03-12 CVE-2019-17658 Unquoted Search Path or Element vulnerability in Fortinet Forticlient
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
network
low complexity
fortinet CWE-428
critical
 9.8
9.8
2020-03-12 CVE-2019-16156 Cross-site Scripting vulnerability in Fortinet Fortiweb
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).
network
low complexity
fortinet CWE-79
6.1
6.1
2020-02-07 CVE-2019-16155 Unspecified vulnerability in Fortinet Forticlient
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process.
local
low complexity
fortinet
7.1
7.1