Vulnerabilities > Fortinet > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-19 CVE-2014-2723 Incorrect Default Permissions vulnerability in Fortinet products
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH.
network
low complexity
fortinet CWE-276
8.8
2020-03-19 CVE-2014-2722 Incorrect Default Permissions vulnerability in Fortinet products
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH.
network
low complexity
fortinet CWE-276
8.8
2020-03-19 CVE-2014-2721 Incorrect Default Permissions vulnerability in Fortinet products
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH.
network
low complexity
fortinet CWE-276
8.8
2020-03-15 CVE-2019-17654 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
network
low complexity
fortinet CWE-345
8.8
2020-03-15 CVE-2020-9290 Uncontrolled Search Path Element vulnerability in Fortinet Forticlient
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
local
low complexity
fortinet CWE-427
7.8
2020-03-15 CVE-2020-9287 Uncontrolled Search Path Element vulnerability in Fortinet Forticlient Emergency Management Server 6.2.1
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
local
low complexity
fortinet CWE-427
7.8
2020-03-12 CVE-2019-17653 Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortisiem 5.2.5
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.
network
low complexity
fortinet CWE-352
8.8
2020-02-07 CVE-2019-16155 Unspecified vulnerability in Fortinet Forticlient
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process.
local
low complexity
fortinet
7.1
2020-02-06 CVE-2019-15711 Unspecified vulnerability in Fortinet Forticlient
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.
local
low complexity
fortinet
7.8
2020-02-04 CVE-2015-3611 OS Command Injection vulnerability in Fortinet Fortimanager
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.
network
low complexity
fortinet CWE-78
8.8