Fortios@5.2.2 Security Vulnerabilities and Issues — Fortios@5.2.2 CVE List

Lucene search

FortinetFortios5.2.2

11 matches found

CVE•added 2015/05/12 7:59 p.m.•61 views

CVE-2015-1880

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.59363EPSS

CVE•added 2016/04/08 2:59 p.m.•49 views

CVE-2016-3978

The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."

6.1CVSS6AI score0.05549EPSS

CVE•added 2015/08/11 2:59 p.m.•47 views

CVE-2015-2323

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

6.4CVSS6.7AI score0.00288EPSS

CVE•added 2017/08/10 9:29 p.m.•46 views

CVE-2017-3130

An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.

7.5CVSS7.1AI score0.00291EPSS

CVE•added 2017/03/30 2:59 p.m.•45 views

CVE-2016-7542

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.

4.9CVSS5.1AI score0.00414EPSS

CVE•added 2017/09/12 2:29 a.m.•45 views

CVE-2017-7735

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.

5.4CVSS5.6AI score0.00305EPSS

CVE•added 2017/06/01 2:29 p.m.•41 views

CVE-2017-3127

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.

6.1CVSS6.2AI score0.00313EPSS

CVE•added 2017/05/23 5:29 p.m.•39 views

CVE-2017-3128

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.

4.8CVSS5.2AI score0.00307EPSS

CVE•added 2017/11/13 2:29 p.m.•39 views

CVE-2017-7739

A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously craft...

6.1CVSS5.9AI score0.00621EPSS

CVE•added 2015/05/12 7:59 p.m.•38 views

CVE-2014-8616

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.

4.3CVSS5.8AI score0.00323EPSS

CVE•added 2017/03/30 2:59 p.m.•37 views

CVE-2016-7541

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.

5.9CVSS5.7AI score0.00228EPSS