Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-16 | CVE-2017-17541 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | 6.1 |
| 2018-07-05 | CVE-2018-9185 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | 8.1 |
| 2018-06-28 | CVE-2018-1351 | Cross-site Scripting vulnerability in Fortinet Fortimanager A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. | 4.8 |
| 2018-06-27 | CVE-2018-1355 | Open Redirect vulnerability in Fortinet Fortianalyzer and Fortimanager An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. | 6.1 |
| 2018-06-27 | CVE-2018-1354 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimanager An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | 6.5 |
| 2018-05-31 | CVE-2018-9186 | Cross-site Scripting vulnerability in Fortinet Fortiauthenticator A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header. | 6.1 |
| 2018-05-25 | CVE-2017-14185 | Information Exposure vulnerability in Fortinet Fortios An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. | 5.3 |
| 2018-05-24 | CVE-2017-14187 | Improper Privilege Management vulnerability in Fortinet Fortios A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | 6.2 |
| 2018-05-08 | CVE-2017-17540 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | 9.8 |
| 2018-05-08 | CVE-2017-17539 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. | 9.8 |