Fortinet

Fortios

236 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2015-5965

  • EPSS 0.35%
  • Published 11.08.2015 14:59:16
  • Last modified 12.04.2025 10:46:40

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field.

4.3

CVE-2015-3626

  • EPSS 0.29%
  • Published 11.08.2015 14:59:09
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname.

6.4

CVE-2015-2323

  • EPSS 0.29%
  • Published 11.08.2015 14:59:01
  • Last modified 12.04.2025 10:46:40

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

4.3

CVE-2015-1880

  • EPSS 59.36%
  • Published 12.05.2015 19:59:08
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2014-8616

  • EPSS 0.32%
  • Published 12.05.2015 19:59:00
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.

4.3

CVE-2015-1571

Exploit
  • EPSS 0.16%
  • Published 10.02.2015 20:59:06
  • Last modified 12.04.2025 10:46:40

The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leve...

7.8

CVE-2015-1452

  • EPSS 0.98%
  • Published 02.02.2015 16:59:05
  • Last modified 12.04.2025 10:46:40

The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages.

3.5

CVE-2015-1451

Exploit
  • EPSS 0.24%
  • Published 02.02.2015 16:59:04
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join requ...

5.4

CVE-2014-0351

  • EPSS 0.07%
  • Published 10.09.2014 18:55:02
  • Last modified 12.04.2025 10:46:40

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or int...

7.5

CVE-2014-2216

  • EPSS 5.81%
  • Published 25.08.2014 14:55:06
  • Last modified 12.04.2025 10:46:40

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.