Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-14190
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and previous versions, allows malicious user to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.
Fortinet Fortios
NA
CVE-2022-23438
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote malicious user to perform a reflected cross site scripting (XSS) att...
Fortinet Fortios
NA
CVE-2022-23442
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 up to and including 6.2.11, 6.4.0 up to and including 6.4.8 and 7.0.0 up to and including 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about...
Fortinet Fortios
NA
CVE-2023-41841
An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.
Fortinet Fortios
801
VMScore
CVE-2017-17544
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.
Fortinet Fortios
445
VMScore
CVE-2019-17655
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 up to and including 6.2.2, 6.0.9 and previous versions and FortiProxy 2.0.0, 1.2.9 and previous versions may allow an malicious user to retrieve a logged-in SSL VPN user's credentials s...
Fortinet Fortios
NA
CVE-2022-42469
A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.
Fortinet Fortios
356
VMScore
CVE-2020-15936
A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows malicious user to disclose sensitive information via SNI Client Hello TLS packets.
Fortinet Fortios
383
VMScore
CVE-2020-15938
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.
Fortinet Fortios
383
VMScore
CVE-2021-41019
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
Fortinet Fortios
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »