Vulnerabilities > Fortinet

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-08	CVE-2016-8492	Information Exposure vulnerability in Fortinet Fortios The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. network high complexity fortinet CWE-200	5.9
2017-02-01	CVE-2016-8491	Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. network low complexity fortinet CWE-798 critical	9.1
2016-10-07	CVE-2015-7363	Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. network low complexity fortinet CWE-79	5.4
2016-10-05	CVE-2016-7561	Information Exposure vulnerability in Fortinet Fortiwlc Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. network low complexity fortinet CWE-200	7.2
2016-10-05	CVE-2016-7560	Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. network low complexity fortinet CWE-798 critical	9.8
2016-09-21	CVE-2016-4969	Cross-site Scripting vulnerability in Fortinet Fortiwan Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php. network low complexity fortinet CWE-79	6.1
2016-09-21	CVE-2016-4968	Information Exposure vulnerability in Fortinet Fortiwan The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. network low complexity fortinet CWE-200	6.5
2016-09-21	CVE-2016-4967	Information Exposure vulnerability in Fortinet Fortiwan Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php. network low complexity fortinet CWE-200	6.5
2016-09-21	CVE-2016-4966	Improper Authentication vulnerability in Fortinet Fortiwan The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. network low complexity fortinet CWE-287	6.5
2016-09-21	CVE-2016-4965	OS Command Injection vulnerability in Fortinet Fortiwan Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. network low complexity fortinet CWE-78	8.8

Vulnerabilities > Fortinet {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Fortinet"}]}

Vulnerabilities > Fortinet