FortinetFortios

233 matches found

CVE-2024-33510 (added 2024/11/12 7:15 p.m., 42 views)

An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; ...

CVSS 4.3 | AI score 7.1 | EPSS 0.00094

CVE-2024-46665 (added 2025/01/14 2:15 p.m., 42 views)

An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.

CVSS 3.7 | AI score 3.9 | EPSS 0.00045

CVE-2006-3222 (added 2006/06/24 10:06 a.m., 41 views)

The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.

CVSS 5 | AI score 7.1 | EPSS 0.01591

CVE-2017-3127 (added 2017/06/01 2:29 p.m., 41 views)

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.

CVSS 6.1 | AI score 6.2 | EPSS 0.00313

CVE-2018-1352 (added 2019/02/08 6:29 p.m., 41 views)

A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.

CVSS 9.8 | AI score 9.5 | EPSS 0.00504

CVE-2018-13371 (added 2020/04/02 2:15 p.m., 40 views)

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.

CVSS 8.8 | AI score 8.6 | EPSS 0.00526

CVE-2021-24012 (added 2021/06/02 1:15 p.m., 40 views)

An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.

CVSS 7.5 | AI score 7 | EPSS 0.00068

CVE-2017-3128 (added 2017/05/23 5:29 p.m., 39 views)

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.

CVSS 4.8 | AI score 5.2 | EPSS 0.00307

CVE-2017-7739 (added 2017/11/13 2:29 p.m., 39 views)

A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously craft...

CVSS 6.1 | AI score 5.9 | EPSS 0.00621

CVE-2018-13376 (added 2018/11/27 3:29 p.m., 39 views)

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.

CVSS 7.5 | AI score 7.5 | EPSS 0.01485

CVE-2014-8616 (added 2015/05/12 7:59 p.m., 38 views)

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.

CVSS 4.3 | AI score 5.8 | EPSS 0.00323

CVE-2019-6696 (added 2020/03/15 11:15 p.m., 38 views)

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.

CVSS 6.1 | AI score 6.2 | EPSS 0.00197

CVE-2021-41019 (added 2021/11/02 6:15 p.m., 38 views)

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.

CVSS 6.5 | AI score 6.3 | EPSS 0.00094

CVE-2023-36555 (added 2023/10/10 5:15 p.m., 38 views)

An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.

CVSS 5.4 | AI score 5.8 | EPSS 0.00124

CVE-2025-24471 (added 2025/06/10 5:21 p.m., 38 views)

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.

CVSS 6.5 | AI score 7.2 | EPSS 0.00029

CVE-2016-7541 (added 2017/03/30 2:59 p.m., 37 views)

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.

CVSS 5.9 | AI score 5.7 | EPSS 0.00228

CVE-2018-9192 (added 2018/09/05 1:29 p.m., 37 views)

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx bei...

CVSS 5.9 | AI score 5.6 | EPSS 0.00174

CVE-2023-40721 (added 2025/02/11 5:15 p.m., 37 views)

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2.0 through 7.2.2 and before 7.0.2 allows a privile...

CVSS 6.7 | AI score 6.9 | EPSS 0.00032

CVE-2023-41678 (added 2023/12/13 7:15 a.m., 37 views)

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.

CVSS 8.8 | AI score 8.8 | EPSS 0.00281

CVE-2025-25250 (added 2025/06/10 5:21 p.m., 37 views)

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.

CVSS 4.3 | AI score 4.6 | EPSS 0.0004

CVE-2015-7361 (added 2015/10/15 8:59 p.m., 36 views)

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.

CVSS 9.3 | AI score 7.3 | EPSS 0.00737

CVE-2018-9185 (added 2018/07/05 1:29 p.m., 36 views)

An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.

CVSS 8.1 | AI score 7.5 | EPSS 0.0116

CVE-2020-15937 (added 2021/03/03 4:15 p.m., 36 views)

An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.

CVSS 6.1 | AI score 5.9 | EPSS 0.00327

CVE-2023-42785 (added 2025/01/14 2:15 p.m., 36 views)

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions, 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.

CVSS 6.5 | AI score 6.2 | EPSS 0.00853

CVE-2023-42786 (added 2025/01/14 2:15 p.m., 36 views)

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions, 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.

CVSS 6.5 | AI score 6.2 | EPSS 0.00853

CVE-2015-1451 (added 2015/02/02 4:59 p.m., 35 views)

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.

CVSS 3.5 | AI score 5.5 | EPSS 0.00239

CVE-2023-41675 (added 2023/10/10 5:15 p.m., 33 views)

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching pro...

CVSS 5.3 | AI score 5.4 | EPSS 0.00402

CVE-2024-55599 (added 2025/07/08 3:15 p.m., 32 views)

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated ...

CVSS 5.3 | AI score 7 | EPSS 0.00033

CVE-2018-9194 (added 2018/09/05 1:29 p.m., 31 views)

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.

CVSS 5.9 | AI score 5.6 | EPSS 0.00174

CVE-2021-26110 (added 2021/12/08 11:15 a.m., 31 views)

An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00042

CVE-2025-24477 (added 2025/07/15 9:15 a.m., 31 views)

A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2.4 through 7.2.11 allows an attacker to escalate its privileges via a specially crafted CLI command.

CVSS 6.7 | AI score 7.6 | EPSS 0.00016

CVE-2025-22251 (added 2025/06/10 5:21 p.m., 29 views)

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization p...

CVSS 5.3 | AI score 4.1 | EPSS 0.00082

CVE-2024-52965 (added 2025/07/08 3:15 p.m., 28 views)

A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user us...

CVSS 7.2 | AI score 7.3 | EPSS 0.00034

Total number of security vulnerabilities: 233