Vulnerabilities > Fortinet > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-27 CVE-2020-9294 Improper Authentication vulnerability in Fortinet Fortimail
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEnterprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
Risk: network | low complexity | fortinet CWE-287 | critical | 9.8
2020-03-12 CVE-2019-17658 Unquoted Search Path or Element vulnerability in Fortinet Forticlient
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path.
Risk: network | low complexity | fortinet CWE-428 | critical | 9.8
2020-02-04 CVE-2015-3613 Improper Privilege Management vulnerability in Fortinet Fortimanager
A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page
Risk: network | low complexity | fortinet CWE-269 | critical | 9.8
2020-01-23 CVE-2019-16153 Use of Hard-coded Credentials vulnerability in Fortinet Fortisiem
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.
Risk: network | low complexity | fortinet CWE-798 | critical | 9.8
2019-08-23 CVE-2019-6695 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager 6.2.0
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.
Risk: network | low complexity | fortinet CWE-345 | critical | 9.8
2019-08-23 CVE-2019-6698 Use of Hard-coded Credentials vulnerability in Fortinet Fortirecorder Firmware
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.
Risk: network | low complexity | fortinet CWE-798 | critical | 9.8
2019-07-08 CVE-2019-13400 Insufficiently Protected Credentials vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0
Dynacolor FCM-MB40 v1.2.0.0 uses /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext.
Risk: network | low complexity | fortinet CWE-522 | critical | 9.8
2019-06-04 CVE-2018-13379 Path Traversal vulnerability in Fortinet Fortios and Fortiproxy
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
Risk: network | low complexity | fortinet CWE-22 | critical | 9.8
2019-03-25 CVE-2017-7342 Improper Input Validation vulnerability in Fortinet Fortiportal
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button.
Risk: network | low complexity | fortinet CWE-20 | critical | 9.8
2019-02-08 CVE-2018-1352 Use of Externally-Controlled Format String vulnerability in Fortinet Fortios 5.6.0
A format string vulnerability in Fortinet FortiOS 5.6.0 allows an attacker to execute unauthorized code or commands via the SSH username variable.
Risk: network | low complexity | fortinet CWE-134 | critical | 9.8