Vulnerabilities > Fortinet > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-06-04 CVE-2018-13379 Path Traversal vulnerability in Fortinet Fortios and Fortiproxy
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
network
low complexity
fortinet CWE-22
critical
9.8
2019-03-25 CVE-2017-7342 Improper Input Validation vulnerability in Fortinet Fortiportal
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
network
low complexity
fortinet CWE-20
critical
9.8
2019-02-08 CVE-2018-1352 Use of Externally-Controlled Format String vulnerability in Fortinet Fortios 5.6.0
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
network
low complexity
fortinet CWE-134
critical
9.8
2018-05-08 CVE-2017-17540 Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
network
low complexity
fortinet CWE-798
critical
9.8
2018-05-08 CVE-2017-17539 Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
network
low complexity
fortinet CWE-798
critical
9.8
2017-11-29 CVE-2017-14189 Weak Password Requirements vulnerability in Fortinet Fortiweb Manager 5.8.0
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.
network
low complexity
fortinet CWE-521
critical
9.8
2017-08-11 CVE-2015-3616 SQL Injection vulnerability in Fortinet Fortimanager Firmware
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
network
low complexity
fortinet CWE-89
critical
9.8
2017-07-22 CVE-2017-7336 Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlm 8.2.2/8.2.4/8.3.0
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.
network
low complexity
fortinet CWE-798
critical
9.8
2017-05-27 CVE-2017-7337 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiportal
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.
network
low complexity
fortinet CWE-732
critical
9.1
2017-02-01 CVE-2016-8491 Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
network
low complexity
fortinet CWE-798
critical
9.1