Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortios
Subscriptions
Total
218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26109 | 1 Fortinet | 1 Fortios | 2024-11-21 | 8.1 High |
| An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution. | ||||
| CVE-2021-26108 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.5 High |
| A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. | ||||
| CVE-2021-26103 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 6.3 Medium |
| An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability. | ||||
| CVE-2021-26092 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.7 Medium |
| Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters. | ||||
| CVE-2021-24018 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.3 Medium |
| A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image. | ||||
| CVE-2021-24012 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority. | ||||
| CVE-2020-6648 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 5.3 Medium |
| A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. | ||||
| CVE-2020-15938 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4 Medium |
| When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. | ||||
| CVE-2020-15937 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.7 Medium |
| An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard. | ||||
| CVE-2020-15936 | 1 Fortinet | 1 Fortios | 2024-11-21 | 2.6 Low |
| A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. | ||||
| CVE-2020-12818 | 1 Fortinet | 36 Fortigate 1000d, Fortigate 100e, Fortigate 100f and 33 more | 2024-11-21 | 5.3 Medium |
| An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. | ||||
| CVE-2019-6696 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.1 Medium |
| An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | ||||
| CVE-2019-6693 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set). | ||||
| CVE-2019-5593 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.5 Medium |
| Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. | ||||
| CVE-2019-5588 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
| A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests. | ||||
| CVE-2019-5587 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. | ||||
| CVE-2019-5586 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
| A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. | ||||
| CVE-2019-17656 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 5.4 Medium |
| A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. | ||||
| CVE-2019-17655 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.3 Medium |
| A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | ||||
| CVE-2019-15705 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.5 High |
| An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. | ||||