Fortinet

FortiOS

236 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.36%
  • Published 09.04.2019 16:29:00
  • Last modified 21.11.2024 03:18:08

A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.

  • EPSS 0.5%
  • Published 08.02.2019 18:29:00
  • Last modified 21.11.2024 03:59:40

A format string vulnerability in Fortinet FortiOS 5.6.0 allows an attacker to execute unauthorized code or commands via the SSH username variable.

Warning
  • EPSS 3.55%
  • Published 22.01.2019 14:29:00
  • Last modified 27.01.2025 21:30:51

An improper access control vulnerability in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test req...

Exploit
  • EPSS 1.46%
  • Published 27.11.2018 15:29:00
  • Last modified 21.11.2024 03:46:59

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.

  • EPSS 0.17%
  • Published 05.09.2018 13:29:00
  • Last modified 21.11.2024 04:15:08

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such atta...

  • EPSS 0.17%
  • Published 05.09.2018 13:29:00
  • Last modified 21.11.2024 04:15:09

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such atta...

  • EPSS 0.98%
  • Published 05.07.2018 13:29:00
  • Last modified 21.11.2024 04:15:08

An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals a user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature.

  • EPSS 0.33%
  • Published 25.05.2018 16:29:00
  • Last modified 21.11.2024 03:12:19

An information disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g. addresses) via specifically crafted URLs inside t...

  • EPSS 0.19%
  • Published 24.05.2018 20:29:00
  • Last modified 21.11.2024 03:12:19

A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows an attacker to execute an unauthorized binary program contained on a USB drive plugged into a FortiGa...

Exploit
  • EPSS 0.86%
  • Published 08.02.2018 23:29:00
  • Last modified 21.11.2024 01:36:00

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List...