Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-30 CVE-2016-7541 7PK - Security Features vulnerability in Fortinet Fortios
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode.
network
high complexity
fortinet CWE-254
5.9
2017-02-08 CVE-2016-8492 Information Exposure vulnerability in Fortinet Fortios
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
network
high complexity
fortinet CWE-200
5.9
2016-10-07 CVE-2015-7363 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
network
low complexity
fortinet CWE-79
5.4
2016-09-21 CVE-2016-4969 Cross-site Scripting vulnerability in Fortinet Fortiwan
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.
network
low complexity
fortinet CWE-79
6.1
2016-09-21 CVE-2016-4968 Information Exposure vulnerability in Fortinet Fortiwan
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
network
low complexity
fortinet CWE-200
6.5
2016-09-21 CVE-2016-4967 Information Exposure vulnerability in Fortinet Fortiwan
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.
network
low complexity
fortinet CWE-200
6.5
2016-09-21 CVE-2016-4966 Improper Authentication vulnerability in Fortinet Fortiwan
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.
network
low complexity
fortinet CWE-287
6.5
2016-08-19 CVE-2016-3195 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
fortinet CWE-79
6.1
2016-08-19 CVE-2016-3194 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
fortinet CWE-79
6.1
2016-08-19 CVE-2016-3193 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
fortinet CWE-79
5.4