Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2016-04-08 CVE-2016-3978 Cross-site Scripting vulnerability in Fortinet Fortios
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."
network
low complexity
fortinet CWE-79
6.1
2016-01-15 CVE-2016-1909 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortios
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
network
low complexity
fortinet CWE-264
critical
9.8
2016-01-08 CVE-2015-7362 Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient
Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program.
local
low complexity
fortinet CWE-264
7.8