Fortinet vulnerabilities

Each entry lists: DATE  CVE  VULNERABILITY TITLE, followed by the description and a RISK line giving attack vector, attack complexity, vendor, CWE, and CVSS v3 severity with base score.
2018-05-08  CVE-2017-17539  Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc
  The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
  Vector: network | Complexity: low | Vendor: fortinet | CWE-798 | Risk: critical (9.8)
2018-04-26  CVE-2017-17543  Inadequate Encryption Strength vulnerability in Fortinet Forticlient
  Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. Because the key is the same on every installation, anyone who can read the stored blob can recover the credentials without any per-user secret.
  Vector: network | Complexity: low | Vendor: fortinet | CWE-326 | Risk: high (7.5)
2018-03-20  CVE-2017-14191  Unspecified vulnerability in Fortinet Fortiweb
  An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode" allows an attacker to bypass the signed user cookie protection by removing FortiWeb's own protection session cookie from the request, so the signature check is skipped rather than failed.
  Vector: network | Complexity: high | Vendor: fortinet | CWE: none listed | Risk: medium (5.9)
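The bypass described for CVE-2017-14191 has the shape of a fail-open check: the signature over the user's cookie is only verified when the appliance's own protection cookie is present, so a client that drops that cookie is never checked at all. The following is an added example, not FortiWeb code; the cookie names, the signing secret and the request lines are constructed for illustration. It shows the fail-open pattern beside a fail-closed version that treats a missing cookie as a failed check.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from typing import Dict

# Constructed for illustration; a real deployment keeps this per device and out of source.
SECRET = b"example-signing-key-not-for-production"
USER_COOKIE = "SESSIONID"          # hypothetical back-end application session cookie
PROTECTION_COOKIE = "PROTECTSIG"   # hypothetical name for the appliance's own protection cookie


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Turn a raw Cookie: header value into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def sign(value: str) -> str:
    """HMAC-SHA256 over the protected cookie value, hex encoded."""
    return hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()


def verify_fail_open(cookies: Dict[str, str]) -> bool:
    """Vulnerable pattern: verification runs only if the protection cookie exists.

    A client that simply omits PROTECTSIG is accepted with whatever SESSIONID
    it chooses; this is the shape of bypass the advisory describes.
    """
    sig = cookies.get(PROTECTION_COOKIE)
    if sig is None:
        return True  # nothing to check, so the request is accepted (the bug)
    return hmac.compare_digest(sig, sign(cookies.get(USER_COOKIE, "")))


def verify_fail_closed(cookies: Dict[str, str]) -> bool:
    """Hardened pattern: once signing mode is on, both cookies are mandatory."""
    user = cookies.get(USER_COOKIE)
    sig = cookies.get(PROTECTION_COOKIE)
    if user is None or sig is None:
        return False  # a missing cookie is a failed check, never a skipped one
    return hmac.compare_digest(sig, sign(user))


def issue_cookies(session_id: str) -> str:
    """Build the Cookie header a legitimate client would send back."""
    return f"{USER_COOKIE}={session_id}; {PROTECTION_COOKIE}={sign(session_id)}"


if __name__ == "__main__":
    legit = parse_cookie_header(issue_cookies("user-7f3a"))
    # Attacker keeps a forged session cookie and drops the protection cookie.
    stripped = parse_cookie_header(f"{USER_COOKIE}=admin-0001")
    print("legit, fail-open:", verify_fail_open(legit), "fail-closed:", verify_fail_closed(legit))
    print("stripped, fail-open:", verify_fail_open(stripped), "fail-closed:", verify_fail_closed(stripped))
```

The fix is not stronger cryptography but control flow: the decision "is this request signed?" must be taken before the lookup of the cookie, so that absence is handled on the reject path.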
2018-02-09  CVE-2012-6347  Cross-site Scripting vulnerability in Fortinet Fortidb 4.4.1
  Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf.
  Vector: network | Complexity: low | Vendor: fortinet | CWE-79 | Risk: medium (6.1)
2018-02-09  CVE-2012-6346  Cross-site Scripting vulnerability in Fortinet Fortiweb
  Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.
  Vector: network | Complexity: low | Vendor: fortinet | CWE-79 | Risk: medium (6.1)
2018-02-08  CVE-2012-0941  Cross-site Scripting vulnerability in Fortinet Fortios
  Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.
  Vector: network | Complexity: low | Vendor: fortinet | CWE-79 | Risk: medium (6.1)
2018-01-29  CVE-2017-14190  Cross-site Scripting vulnerability in Fortinet Fortios
  A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, and 5.2 and earlier allows an attacker to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests. The Host header is attacker-controlled like any other request field; reflecting it unvalidated into a response page is what makes this exploitable.
  Vector: network | Complexity: low | Vendor: fortinet | CWE-79 | Risk: medium (6.1)
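The Host header is commonly reflected into error pages, redirects and login forms, which is how a crafted value ends up in the response. The following is an added example, not FortiOS code; the allowlist, page template and access-log lines are constructed. It shows the unsafe reflection beside a handler that validates Host against the names the device actually serves and escapes it on output, and reuses the same validation to flag suspicious Host values in logs.

```python
import html
import re
from typing import List, Optional

# Constructed allowlist: the names and addresses this device legitimately answers to.
ALLOWED_HOSTS = {"vpn.example.com", "203.0.113.10"}

# Hostname or IPv4 literal made of dot-separated labels, optionally followed by :port.
HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)"
    r"(?:\.(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?))*"
    r"(?::[0-9]{1,5})?$"
)


def render_vulnerable(host: str) -> str:
    """Reflects the raw Host header into HTML; this is the bug."""
    return f"<html><body><p>Welcome to {host}</p></body></html>"


def is_valid_host(host: str) -> bool:
    """Syntactic check, then allowlist; anything else is rejected."""
    if not HOST_RE.match(host):
        return False
    hostname = host.split(":", 1)[0].lower()
    return hostname in ALLOWED_HOSTS


def render_hardened(host: str) -> Optional[str]:
    """Returns None (caller answers 400) for a Host not on the allowlist.

    Escaping on output is kept as defence in depth even though a value that
    passed validation cannot contain markup.
    """
    if not is_valid_host(host):
        return None
    return f"<html><body><p>Welcome to {html.escape(host)}</p></body></html>"


# Constructed access-log lines: client, method, path, Host header value.
SAMPLE_LOG = [
    '198.51.100.4 GET /remote/login host="vpn.example.com"',
    '198.51.100.4 GET /remote/login host="vpn.example.com:10443"',
    '198.51.100.77 GET /remote/login host="x><script>alert(1)</script>"',
    '198.51.100.78 GET /remote/login host="evil.example.net"',
]

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) host="(.*)"$')


def suspicious_hosts(lines: List[str]) -> List[str]:
    """Return the Host values from log lines that fail validation."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and not is_valid_host(m.group(4)):
            flagged.append(m.group(4))
    return flagged


if __name__ == "__main__":
    payload = "x><script>alert(1)</script>"
    print("vulnerable:", render_vulnerable(payload))
    print("hardened:", render_hardened(payload))
    print("flagged in log:", suspicious_hosts(SAMPLE_LOG))
```

Rejecting unknown Host values outright also closes off related Host-header tricks such as password-reset or redirect poisoning, since the device never builds a URL from a name it does not own.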
2017-12-15  CVE-2017-14184  Information Exposure vulnerability in Fortinet Forticlient
  An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
  Vector: network | Complexity: low | Vendor: fortinet | CWE-200 | Risk: high (8.8)
2017-12-14  CVE-2017-7344  Unspecified vulnerability in Fortinet Forticlient
  A privilege escalation vulnerability in Fortinet FortiClient for Windows 5.4.3 and earlier, as well as 5.6.0, allows an attacker to gain privileges by exploiting the Windows "security alert" dialog that pops up when the "VPN before logon" feature is enabled and an untrusted certificate chain is encountered.
  Vector: network | Complexity: high | Vendor: fortinet | CWE: none listed | Risk: high (8.1)
2017-12-13  CVE-2017-7738  Information Exposure vulnerability in Fortinet Fortios
  An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, and 5.2 and below versions allows an admin user with super_admin privileges to view the current SSL VPN web portal session info, which may contain user credentials, through the fnsysctl CLI command.
  Vector: network | Complexity: low | Vendor: fortinet | CWE-200 | Risk: high (7.2)