- EPSS 0.36%
- Published 09.04.2019 16:29:00
- Last modified 21.11.2024 03:18:08
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.
CVE-2018-1352
- EPSS 0.5%
- Published 08.02.2019 18:29:00
- Last modified 21.11.2024 03:59:40
A format string vulnerability in Fortinet FortiOS 5.6.0 allows an attacker to execute unauthorized code or commands via the SSH username variable.
CVE-2018-13374
- EPSS 3.55%
- Published 22.01.2019 14:29:00
- Last modified 27.01.2025 21:30:51
An Improper Access Control vulnerability in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate via pointing an LDAP server connectivity test req...
CVE-2018-13376
- EPSS 1.46%
- Published 27.11.2018 15:29:00
- Last modified 21.11.2024 03:46:59
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
CVE-2018-9192
- EPSS 0.17%
- Published 05.09.2018 13:29:00
- Last modified 21.11.2024 04:15:08
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such atta...
CVE-2018-9194
- EPSS 0.17%
- Published 05.09.2018 13:29:00
- Last modified 21.11.2024 04:15:09
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such atta...
CVE-2018-9185
- EPSS 0.98%
- Published 05.07.2018 13:29:00
- Last modified 21.11.2024 04:15:08
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals a user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature.
CVE-2017-14185
- EPSS 0.33%
- Published 25.05.2018 16:29:00
- Last modified 21.11.2024 03:12:19
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g. addresses) via specifically crafted URLs inside t...
CVE-2017-14187
- EPSS 0.19%
- Published 24.05.2018 20:29:00
- Last modified 21.11.2024 03:12:19
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows an attacker to execute an unauthorized binary program contained on a USB drive plugged into a FortiGa...
CVE-2012-0941
- EPSS 0.86%
- Published 08.02.2018 23:29:00
- Last modified 21.11.2024 01:36:00
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List...