Fortios@5.0.7 Security Vulnerabilities and Issues — Fortios@5.0.7 CVE List

Lucene search

FortinetFortios5.0.7

11 matches found

CVE•added 2016/01/15 8:59 p.m.•105 views

CVE-2016-1909

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows ...

10CVSS9.2AI score0.79714EPSS

CVE•added 2014/09/10 6:55 p.m.•70 views

CVE-2014-0351

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the clien...

5.4CVSS6.1AI score0.00071EPSS

CVE•added 2015/02/10 8:59 p.m.•66 views

CVE-2015-1571

The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and priva...

4.3CVSS6.5AI score0.00155EPSS

CVE•added 2014/08/25 2:55 p.m.•50 views

CVE-2014-2216

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.

7.5CVSS7.8AI score0.05813EPSS

CVE•added 2016/04/08 2:59 p.m.•49 views

CVE-2016-3978

The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."

6.1CVSS6AI score0.05549EPSS

CVE•added 2015/08/11 2:59 p.m.•47 views

CVE-2015-2323

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

6.4CVSS6.7AI score0.00288EPSS

CVE•added 2017/08/10 9:29 p.m.•46 views

CVE-2017-3130

An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.

7.5CVSS7.1AI score0.00291EPSS

CVE•added 2015/02/02 4:59 p.m.•43 views

CVE-2015-1452

The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages.

7.8CVSS6.8AI score0.00977EPSS

CVE•added 2017/05/23 5:29 p.m.•39 views

CVE-2017-3128

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.

4.8CVSS5.2AI score0.00307EPSS

CVE•added 2017/03/30 2:59 p.m.•37 views

CVE-2016-7541

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.

5.9CVSS5.7AI score0.00228EPSS

CVE•added 2015/02/02 4:59 p.m.•35 views

CVE-2015-1451

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.

3.5CVSS5.5AI score0.00239EPSS