Vulnerabilities > Fortinet

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2015-02-02 | CVE-2015-1453 | Cryptographic Issues vulnerability in Fortinet Forticlient 5.2.3.091 | The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. | network, low complexity, fortinet, CWE-310 | 5.0 |
| 2015-02-02 | CVE-2015-1452 | Code vulnerability in Fortinet Fortios 5.0.7 | The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages. | network, low complexity, fortinet, CWE-17 | 7.8 |
| 2015-02-02 | CVE-2015-1451 | Cross-site Scripting vulnerability in Fortinet Fortios 5.0.7 | Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request. | network, fortinet, CWE-79 | 3.5 |
| 2014-11-01 | CVE-2014-8582 | Unspecified vulnerability in Fortinet products | FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. | network, low complexity, fortinet | 6.4 |
| 2014-10-31 | CVE-2014-2336 | Cross-Site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. | network, fortinet, CWE-79 | 4.3 |
| 2014-10-31 | CVE-2014-2335 | Cross-Site Scripting vulnerability in Fortinet Fortianalyzer Firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | network, fortinet, CWE-79 | 4.3 |
| 2014-10-31 | CVE-2014-2334 | Cross-Site Scripting vulnerability in Fortinet Fortianalyzer Firmware | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | network, fortinet, CWE-79 | 4.3 |
| 2014-09-10 | CVE-2014-0351 | Cryptographic Issues vulnerability in Fortinet Fortios | The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream. | | 5.4 |
| 2014-08-25 | CVE-2014-2216 | Denial of Service vulnerability in Fortinet FortiOS | The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request. | network, low complexity, fortinet | 7.5 |
| 2014-07-11 | CVE-2014-4738 | Cross-Site Scripting vulnerability in Fortinet Fortiweb | Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg. | network, fortinet, CWE-79 | 4.3 |