Vulnerabilities > Fortinet > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-13 | CVE-2017-7738 | Information Exposure vulnerability in Fortinet Fortios An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. | 7.2 |
| 2017-10-26 | CVE-2017-7341 | OS Command Injection vulnerability in Fortinet Fortiwlc An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. | 7.2 |
| 2017-08-22 | CVE-2015-3617 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortimanager Firmware Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | 7.8 |
| 2017-08-11 | CVE-2015-3614 | Information Exposure vulnerability in Fortinet Fortimanager Firmware Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. | 7.5 |
| 2017-08-10 | CVE-2017-3130 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | 7.5 |
| 2017-06-26 | CVE-2016-8493 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient 5.4.1/5.4.2 In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. | 8.8 |
| 2017-05-27 | CVE-2017-7731 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | 7.5 |
| 2017-05-27 | CVE-2017-7338 | Information Exposure vulnerability in Fortinet Fortiportal A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | 7.5 |
| 2017-05-27 | CVE-2017-3134 | Improper Input Validation vulnerability in Fortinet Fortiwlc-Sd An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | 7.2 |
| 2017-02-13 | CVE-2016-8495 | Information Exposure vulnerability in Fortinet Fortimanager Firmware An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. | 7.4 |