Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-5965
The SSL-VPN feature in Fortinet FortiOS prior to 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote malicious users to spoof encrypted content via a crafted MAC field.
Fortinet Fortios
516
VMScore
CVE-2018-13379
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticat...
Fortinet Fortios
2 EDB exploits
21 Github repositories
9 Articles
445
VMScore
CVE-2019-17655
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 up to and including 6.2.2, 6.0.9 and previous versions and FortiProxy 2.0.0, 1.2.9 and previous versions may allow an malicious user to retrieve a logged-in SSL VPN user's credentials s...
Fortinet Fortios
668
VMScore
CVE-2021-24012
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
Fortinet Fortios
383
VMScore
CVE-2015-3626
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS prior to 5.2.4 on FortiGate devices allows remote malicious users to inject arbitrary web script or HTML via a crafted hostname.
Fortinet Fortios
356
VMScore
CVE-2017-7738
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI comm...
Fortinet Fortios
383
VMScore
CVE-2018-9185
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.
Fortinet Fortios
445
VMScore
CVE-2018-13365
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow malicious users to learn private IP as well as the hostname of FortiGate via Application Control Block page.
Fortinet Fortios
445
VMScore
CVE-2018-13367
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated malicious user to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.
Fortinet Fortios
578
VMScore
CVE-2018-13371
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
Fortinet Fortios
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »