Vulnerabilities > Fortinet > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet Fortios and Fortiproxy An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | 9.8 |
| 2019-03-25 | CVE-2017-7342 | Improper Input Validation vulnerability in Fortinet Fortiportal A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | 9.8 |
| 2019-02-08 | CVE-2018-1352 | Use of Externally-Controlled Format String vulnerability in Fortinet Fortios 5.6.0 A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. | 9.8 |
| 2018-05-08 | CVE-2017-17540 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | 9.8 |
| 2018-05-08 | CVE-2017-17539 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. | 9.8 |
| 2017-11-29 | CVE-2017-14189 | Weak Password Requirements vulnerability in Fortinet Fortiweb Manager 5.8.0 An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. | 9.8 |
| 2017-08-11 | CVE-2015-3616 | SQL Injection vulnerability in Fortinet Fortimanager Firmware SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. | 9.8 |
| 2017-07-22 | CVE-2017-7336 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlm 8.2.2/8.2.4/8.3.0 A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | 9.8 |
| 2017-05-27 | CVE-2017-7337 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiportal An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | 9.1 |
| 2017-02-01 | CVE-2016-8491 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | 9.1 |