Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-14 CVE-2019-5591 Missing Authentication for Critical Function vulnerability in Fortinet Fortios
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
low complexity
fortinet CWE-306
6.5
2020-06-22 CVE-2020-9288 Cross-site Scripting vulnerability in Fortinet Fortiwlc
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.
network
low complexity
fortinet CWE-79
5.4
2020-06-04 CVE-2020-6640 Cross-site Scripting vulnerability in Fortinet Fortianalyzer
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.
network
low complexity
fortinet CWE-79
5.4
2020-06-04 CVE-2019-16150 Use of Hard-coded Credentials vulnerability in Fortinet Forticlient
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.
local
low complexity
fortinet CWE-798
5.5
2020-06-01 CVE-2019-15709 Improper Input Validation vulnerability in Fortinet Fortiap-S, Fortiap-U and Fortiap-W2
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
network
low complexity
fortinet CWE-20
6.5
2020-04-07 CVE-2020-9286 Unspecified vulnerability in Fortinet Fortiadc Firmware
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
network
low complexity
fortinet
6.5
2020-04-07 CVE-2020-6647 Cross-site Scripting vulnerability in Fortinet Fortiadc Firmware
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
network
low complexity
fortinet CWE-79
5.4
2020-03-17 CVE-2020-6646 Cross-site Scripting vulnerability in Fortinet Fortiweb
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.
network
low complexity
fortinet CWE-79
5.4
2020-03-15 CVE-2019-6696 Open Redirect vulnerability in Fortinet Fortios
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.
network
low complexity
fortinet CWE-601
6.1
2020-03-15 CVE-2019-15708 OS Command Injection vulnerability in Fortinet products
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
local
low complexity
fortinet CWE-78
6.7