Vulnerabilities > Fortinet > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-07 | CVE-2009-1262 | USE of Externally-Controlled Format String vulnerability in Fortinet Forticlient 3.0.614 Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name. | 7.2 |
| 2008-02-14 | CVE-2008-0779 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient Host Security The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. | 7.2 |
| 2005-12-31 | CVE-2005-3058 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortigate and Fortios Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616. | 7.5 |
| 2005-12-29 | CVE-2005-4570 | Denial Of Service vulnerability in Multiple Fortinet Products IKE Exchange The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.8 |
| 2005-06-01 | CVE-2005-1837 | Remote Security vulnerability in Fortinet Firewall Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges. | 7.5 |