Fortios@5.2.3 Security Vulnerabilities and Issues — Fortios@5.2.3 CVE List

Lucene search

FortinetFortios5.2.3

9 matches found

CVE•added 2015/08/11 2:59 p.m.•47 views

CVE-2015-2323

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

6.4CVSS6.7AI score0.00288EPSS

CVE•added 2017/08/10 9:29 p.m.•46 views

CVE-2017-3130

An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.

7.5CVSS7.1AI score0.00291EPSS

CVE•added 2017/03/30 2:59 p.m.•45 views

CVE-2016-7542

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.

4.9CVSS5.1AI score0.00414EPSS

CVE•added 2017/09/12 2:29 a.m.•45 views

CVE-2017-7735

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.

5.4CVSS5.6AI score0.00305EPSS

CVE•added 2017/06/01 2:29 p.m.•41 views

CVE-2017-3127

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.

6.1CVSS6.2AI score0.00313EPSS

CVE•added 2017/05/23 5:29 p.m.•39 views

CVE-2017-3128

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.

4.8CVSS5.2AI score0.00307EPSS

CVE•added 2017/11/13 2:29 p.m.•39 views

CVE-2017-7739

A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously craft...

6.1CVSS5.9AI score0.00621EPSS

CVE•added 2017/03/30 2:59 p.m.•37 views

CVE-2016-7541

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.

5.9CVSS5.7AI score0.00228EPSS

CVE•added 2015/10/15 8:59 p.m.•36 views

CVE-2015-7361

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.

9.3CVSS7.3AI score0.00737EPSS