Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2017-09-12 CVE-2017-3132 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
network
low complexity
fortinet CWE-79
6.1
2017-09-12 CVE-2017-3131 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
network
low complexity
fortinet CWE-79
5.4
2017-08-22 CVE-2015-3617 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortimanager Firmware
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
local
low complexity
fortinet CWE-264
7.8
2017-08-11 CVE-2015-3616 SQL Injection vulnerability in Fortinet Fortimanager Firmware
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
network
low complexity
fortinet CWE-89
critical
9.8
2017-08-11 CVE-2015-3615 Cross-site Scripting vulnerability in Fortinet Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
network
low complexity
fortinet CWE-79
5.4
2017-08-11 CVE-2015-3614 Information Exposure vulnerability in Fortinet Fortimanager Firmware
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
network
low complexity
fortinet CWE-200
7.5
2017-08-10 CVE-2017-7737 Files or Directories Accessible to External Parties vulnerability in Fortinet Fortiweb
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
network
low complexity
fortinet CWE-552
4.9
2017-08-10 CVE-2017-3130 Information Exposure vulnerability in Fortinet Fortios
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.
network
low complexity
fortinet CWE-200
7.5
2017-07-22 CVE-2017-7336 Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlm 8.2.2/8.2.4/8.3.0
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.
network
low complexity
fortinet CWE-798
critical
9.8
2017-06-26 CVE-2016-8493 Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient 5.4.1/5.4.2
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.
network
low complexity
fortinet CWE-264
8.8