Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-12 | CVE-2017-3125 | Cross-site Scripting vulnerability in Fortinet Fortimail An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker. | 6.1 |
| 2017-03-30 | CVE-2016-7542 | Information Exposure vulnerability in Fortinet Fortios A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | 4.9 |
| 2017-03-30 | CVE-2016-7541 | 7PK - Security Features vulnerability in Fortinet Fortios Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. | 5.9 |
| 2017-02-13 | CVE-2016-8495 | Information Exposure vulnerability in Fortinet Fortimanager Firmware An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. | 7.4 |
| 2017-02-09 | CVE-2016-8494 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Connect Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. | 7.2 |
| 2017-02-08 | CVE-2016-8492 | Information Exposure vulnerability in Fortinet Fortios The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. | 5.9 |
| 2017-02-01 | CVE-2016-8491 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | 9.1 |
| 2016-10-07 | CVE-2015-7363 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. | 5.4 |
| 2016-10-05 | CVE-2016-7561 | Information Exposure vulnerability in Fortinet Fortiwlc Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. | 7.2 |
| 2016-10-05 | CVE-2016-7560 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | 9.8 |