Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortios vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-36555
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an malicious user to execute unauthorized code or commands via the SAML and Security Fabric components.
Fortinet Fortios
9.8
CVSSv3
CVE-2023-28001
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an malicious user to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.
Fortinet Fortios
4.5
CVSSv3
CVE-2020-15936
A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows malicious user to disclose sensitive information via SNI Client Hello TLS packets.
Fortinet Fortios
6.1
CVSSv3
CVE-2020-15937
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote malicious user to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.
Fortinet Fortios
6.1
CVSSv3
CVE-2022-23438
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote malicious user to perform a reflected cross site scripting (XSS) att...
Fortinet Fortios
NA
CVE-2015-5965
The SSL-VPN feature in Fortinet FortiOS prior to 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote malicious users to spoof encrypted content via a crafted MAC field.
Fortinet Fortios
6.1
CVSSv3
CVE-2012-0941
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x prior to 4.3.6 allow remote malicious users to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Repor...
Fortinet Fortios
4.3
CVSSv3
CVE-2022-23442
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 up to and including 6.2.11, 6.4.0 up to and including 6.4.8 and 7.0.0 up to and including 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about...
Fortinet Fortios
7.2
CVSSv3
CVE-2017-7738
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI comm...
Fortinet Fortios
7.3
CVSSv3
CVE-2021-24012
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
Fortinet Fortios
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »