Vulnerabilities > Fortinet
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-12 | CVE-2017-3132 | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. | 6.1 |
2017-09-12 | CVE-2017-3131 | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView. | 5.4 |
2017-08-22 | CVE-2015-3617 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortimanager Firmware Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | 7.8 |
2017-08-11 | CVE-2015-3616 | SQL Injection vulnerability in Fortinet Fortimanager Firmware SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. | 9.8 |
2017-08-11 | CVE-2015-3615 | Cross-site Scripting vulnerability in Fortinet Fortimanager Firmware Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. | 5.4 |
2017-08-11 | CVE-2015-3614 | Information Exposure vulnerability in Fortinet Fortimanager Firmware Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. | 7.5 |
2017-08-10 | CVE-2017-7737 | Files or Directories Accessible to External Parties vulnerability in Fortinet Fortiweb An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | 4.9 |
2017-08-10 | CVE-2017-3130 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | 7.5 |
2017-07-22 | CVE-2017-7336 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlm 8.2.2/8.2.4/8.3.0 A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | 9.8 |
2017-06-26 | CVE-2016-8493 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient 5.4.1/5.4.2 In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. | 8.8 |