Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2016-6909
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x prior to 4.1.11, 4.2.x prior to 4.2.13, and 4.3.x prior to 4.3.9 and FortiSwitch prior to 3.4.3 allows remote malicious users to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
Fortinet Fortios
Fortinet Fortiswitch
1 EDB exploit
10
CVSSv2
CVE-2016-1909
Fortinet FortiAnalyzer prior to 5.0.12 and 5.2.x prior to 5.2.5; FortiSwitch 3.3.x prior to 3.3.3; FortiCache 3.0.x prior to 3.0.8; and FortiOS 4.1.x prior to 4.1.11, 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.17 and 5.0.x prior to 5.0.8 have a hardcoded passphrase for the Fortima...
Fortinet Fortios 5.0.2
Fortinet Fortios 5.0.6
Fortinet Fortios 5.0.7
Fortinet Fortios 5.0
Fortinet Fortios 5.0.1
Fortinet Fortios
Fortinet Fortios 5.0.3
Fortinet Fortios 5.0.4
Fortinet Fortios 5.0.5
Fortinet Fortios 5.0.0
1 EDB exploit
10
CVSSv2
CVE-2005-3057
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions prior to 3.0 MR1, allows remote malicious users to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as d...
Fortinet Fortios
Fortinet Fortigate 2.8
9.3
CVSSv2
CVE-2015-7361
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote malicious users to obtain shell access via u...
Fortinet Fortios 5.2.3
9
CVSSv2
CVE-2017-17544
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.
Fortinet Fortios
7.8
CVSSv2
CVE-2015-1452
The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote malicious users to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages.
Fortinet Fortios 5.0.7
7.8
CVSSv2
CVE-2005-4570
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote malicious users to cause a denial of service (termination of a process that is automatically restarted) via IKE packets...
7.5
CVSSv2
CVE-2021-26109
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS prior to 7.0.1 may allow an unauthenticated malicious user to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code executi...
Fortinet Fortios
Fortinet Fortios 7.0.0
7.5
CVSSv2
CVE-2021-24012
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
Fortinet Fortios
7.5
CVSSv2
CVE-2020-12812
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Fortinet Fortios
Fortinet Fortios 6.4.0
1 Github repository
2 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »