Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-25 CVE-2017-7340 Cross-site Scripting vulnerability in Fortinet Fortiportal
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.
network
low complexity
fortinet CWE-79
6.1
2019-02-08 CVE-2018-9190 NULL Pointer Dereference vulnerability in Fortinet Forticlient
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.
local
low complexity
fortinet CWE-476
5.5
2019-01-22 CVE-2018-13374 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiadc and Fortios
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
network
low complexity
fortinet CWE-732
4.3
2018-09-05 CVE-2018-9194 Information Exposure Through Discrepancy vulnerability in Fortinet Fortios
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key.
network
high complexity
fortinet CWE-203
5.9
2018-09-05 CVE-2018-9192 Information Exposure Through Discrepancy vulnerability in Fortinet Fortios
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key.
network
high complexity
fortinet CWE-203
5.9
2018-09-05 CVE-2018-1353 Information Exposure vulnerability in Fortinet Fortimanager
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom.
network
low complexity
fortinet CWE-200
4.3
2018-07-16 CVE-2017-17541 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
network
low complexity
fortinet CWE-79
6.1
2018-06-28 CVE-2018-1351 Cross-site Scripting vulnerability in Fortinet Fortimanager
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.
network
low complexity
fortinet CWE-79
4.8
2018-06-27 CVE-2018-1355 Open Redirect vulnerability in Fortinet Fortianalyzer and Fortimanager
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature.
network
low complexity
fortinet CWE-601
6.1
2018-06-27 CVE-2018-1354 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimanager
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
network
low complexity
fortinet CWE-732
6.5