Fortinet

Fortios

236 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2015-5965

  • EPSS 0.35%
  • Veröffentlicht 11.08.2015 14:59:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.

4.3

CVE-2015-3626

  • EPSS 0.29%
  • Veröffentlicht 11.08.2015 14:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname.

6.4

CVE-2015-2323

  • EPSS 0.29%
  • Veröffentlicht 11.08.2015 14:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

4.3

CVE-2015-1880

  • EPSS 59.36%
  • Veröffentlicht 12.05.2015 19:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2014-8616

  • EPSS 0.32%
  • Veröffentlicht 12.05.2015 19:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.

4.3

CVE-2015-1571

Exploit
  • EPSS 0.16%
  • Veröffentlicht 10.02.2015 20:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leve...

7.8

CVE-2015-1452

  • EPSS 0.98%
  • Veröffentlicht 02.02.2015 16:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages.

3.5

CVE-2015-1451

Exploit
  • EPSS 0.24%
  • Veröffentlicht 02.02.2015 16:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join requ...

5.4

CVE-2014-0351

  • EPSS 0.07%
  • Veröffentlicht 10.09.2014 18:55:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or int...

7.5

CVE-2014-2216

  • EPSS 5.81%
  • Veröffentlicht 25.08.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.