Fortinet FortiOS 5.0.1

8 matches found

added 2016/01/15 8:59 p.m., 105 views

CVE-2016-1909

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows ...

CVSS: 10, AI score: 9.2, EPSS: 0.79714

added 2013/07/08 5:55 p.m., 88 views

CVE-2013-1414

Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via ...

CVSS: 5.1, AI score: 7.2, EPSS: 0.00384

added 2016/04/08 2:59 p.m., 49 views

CVE-2016-3978

The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."

CVSS: 6.1, AI score: 6, EPSS: 0.05549

added 2013/06/25 2:38 p.m., 47 views

CVE-2013-4604

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.

CVSS: 6.5, AI score: 6.7, EPSS: 0.00391

added 2015/08/11 2:59 p.m., 47 views

CVE-2015-2323

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

CVSS: 6.4, AI score: 6.7, EPSS: 0.00288

added 2017/08/10 9:29 p.m., 46 views

CVE-2017-3130

An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows an attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.

CVSS: 7.5, AI score: 7.1, EPSS: 0.00291

added 2017/05/23 5:29 p.m., 39 views

CVE-2017-3128

A stored XSS (cross-site scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.

CVSS: 4.8, AI score: 5.2, EPSS: 0.00307

added 2017/03/30 2:59 p.m., 37 views

CVE-2016-7541

Long-lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPS engine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.

CVSS: 5.9, AI score: 5.7, EPSS: 0.00228