Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-09 | CVE-2016-4573 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortiswitch 3.4.1 Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. | 9.8 |
| 2016-08-24 | CVE-2016-6909 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fortinet Fortios and Fortiswitch Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. | 9.8 |
| 2016-08-19 | CVE-2016-3195 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-08-19 | CVE-2016-3194 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-08-19 | CVE-2016-3193 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-08-05 | CVE-2016-3196 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. | 5.4 |
| 2016-07-13 | CVE-2016-5092 | Path Traversal vulnerability in Fortinet Fortiweb Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. | 4.9 |
| 2016-07-13 | CVE-2016-4066 | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortiweb Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors. | 8.8 |
| 2016-05-26 | CVE-2015-7360 | Cross-site Scripting vulnerability in Fortinet Fortisandbox Firmware Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature." | 6.1 |
| 2016-04-08 | CVE-2016-3978 | Cross-site Scripting vulnerability in Fortinet Fortios The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." | 6.1 |