
2965 matches found

Cvelist
added 2015/05/12 7:00 p.m., 16 views

CVE-2014-8616

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus...

AI score: 5.7 | EPSS: 0.00323
Exploits: 0 | References: 5
CVE
added 2015/05/12 7:00 p.m., 46 views

CVE-2014-8616

Fortinet FortiOS 5.2.x is affected by CVE-2014-8616 (and related CVE-2015-1880) due to multiple cross-site scripting vulnerabilities. Affected versions are FortiOS before 5.2.3. Exploitation occurs via crafted requests to vulnerable surfaces (notably the user group and VPN template menus, and the...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00323
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2015/05/12 7:00 p.m., 17 views

CVE-2015-1880

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

AI score: 5.6 | EPSS: 0.55556
Exploits: 0 | References: 6
CNVD
added 2015/02/12 12:00 a.m., 2 views

Fortinet FortiOS Man-in-the-Middle Attack Vulnerability (CNVD-2015-01149)

Fortinet FortiOS is a security operating system developed by the U.S. company Fita Fortinet for the FortiGate platform, which provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. A man-in-the-middle attack...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00155
Exploits: 1 | References: 1
OpenVAS
added 2015/02/11 12:00 a.m., 21 views

Fortinet FortiGate XSS Vulnerability (FG-IR-14-003)

FortiOS as used in FortiGate is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00812
Exploits: 1 | References: 2
NVD
added 2015/02/10 8:59 p.m., 8 views

CVE-2015-1571

The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00155
Exploits: 1 | References: 3
Prion
added 2015/02/10 8:59 p.m., 14 views

Design/Logic Flaw

DISPUTED: The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00155
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2015/02/10 8:00 p.m., 78 views

CVE-2015-1571

Fortinet FortiOS 5.0 Patch 7 (build 4457) CAPWAP DTLS uses the same Fortinet_Factory certificate and private key across different customer installations. This could enable an attacker to perform a man-in-the-middle attack by spoofing SSL servers using the Fortinet_Factory certificate. Some s...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00155
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2015/02/10 8:00 p.m., 29 views

CVE-2015-1571

The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and...

AI score: 6.3 | EPSS: 0.00155
Exploits: 1 | References: 3
Positive Technologies
added 2015/02/10 12:00 a.m., 2 views

PT-2015-3369 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS version 5.0 Patch 7 build 4457
Description: The CAPWAP DTLS protocol implementation in FortiOS uses the same certificate and private key across different customers' installations. However, according to FG-IR-15-002, the Fortinet Facto...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00155
Exploits: 1 | References: 6
CNVD
added 2015/02/04 12:00 a.m., 1 view

Fortinet FortiOS Information Disclosure Vulnerability (CNVD-2015-00916)

Fortinet FortiOS is a security operating system developed by the U.S. company Fita Fortinet for the FortiGate platform, which provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. An information disclosure vulnerabili...

AI score: 6.1
Exploits: 0 | References: 1
CNVD
added 2015/02/04 12:00 a.m., 1 view

Fortinet FortiOS HTML Injection Vulnerability

Fortinet FortiOS is a security operating system developed by the U.S. company Fita Fortinet for the FortiGate platform, which provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. An HTML injection vulnerability exist...

CVSS: 3.5 | AI score: 7.9 | EPSS: 0.00239
Exploits: 1 | References: 1
NVD
added 2015/02/02 4:59 p.m., 11 views

CVE-2015-1451

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.00239
Exploits: 1 | References: 5
Prion
added 2015/02/02 4:59 p.m., 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.00239
Exploits: 1 | References: 5 | Affected Software: 1
Prion
added 2015/02/02 4:59 p.m., 11 views

Design/Logic Flaw

The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00977
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2015/02/02 4:00 p.m., 46 views

CVE-2015-1451

CVE-2015-1451 refers to multiple XSS vulnerabilities in Fortinet FortiOS 5.0 Patch 7 (build 4457) affecting the CAPWAP server. The issue allows remote authenticated users to inject arbitrary web script or HTML via the WTP Name or WTP Active Software Version fields in a CAPWAP Join request. Affect...

CVSS: 3.5 | AI score: 5.5 | EPSS: 0.00239
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2015/02/02 4:00 p.m., 52 views

CVE-2015-1452

The CVE-2015-1452 issue affects Fortinet FortiOS 5.0 Patch 7 build 4457, specifically the CAPWAP daemon. An attacker can trigger a denial of service by sending a flood of ClientHello DTLS messages, which can lock the CAPWAP Access Controller. The available connected records confirm the affected c...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00977
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2015/02/02 4:00 p.m., 18 views

CVE-2015-1451

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request...

AI score: 5.4 | EPSS: 0.00239
Exploits: 1 | References: 5
Cvelist
added 2015/02/02 4:00 p.m., 18 views

CVE-2015-1452

The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages...

AI score: 6.6 | EPSS: 0.00977
Exploits: 0 | References: 5
CNVD
added 2015/02/02 12:00 a.m., 1 view

Fortinet FortiOS Denial of Service Vulnerability (CNVD-2015-00852)

Fortinet FortiOS is a security operating system developed by the U.S. company Fita Fortinet for the FortiGate platform, which provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. The Fortinet FortiOS denial of servic...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.00977
Exploits: 0 | References: 1