Fortinet

FortiOS

260 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-3132

Exploit
  • EPSS 8.78%
  • Veröffentlicht 12.09.2017 02:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.

6.1

CVE-2017-3133

Exploit
  • EPSS 8.69%
  • Veröffentlicht 12.09.2017 02:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.

5.4

CVE-2017-7734

  • EPSS 0.31%
  • Veröffentlicht 12.09.2017 02:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.

5.4

CVE-2017-7735

  • EPSS 0.31%
  • Veröffentlicht 12.09.2017 02:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.

7.5

CVE-2017-3130

  • EPSS 0.29%
  • Veröffentlicht 10.08.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.

6.1

CVE-2017-3127

  • EPSS 0.31%
  • Veröffentlicht 01.06.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.

4.8

CVE-2017-3128

  • EPSS 0.31%
  • Veröffentlicht 23.05.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.

5.9

CVE-2016-7541

  • EPSS 0.23%
  • Veröffentlicht 30.03.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in prox...

4.9

CVE-2016-7542

  • EPSS 0.32%
  • Veröffentlicht 30.03.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and ...

5.9

CVE-2016-8492

  • EPSS 0.38%
  • Veröffentlicht 08.02.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.