fortinet fortios vulnerabilities and exploits
4.3
CVSSv2
CVE-2012-0941
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x prior to 4.3.6 allow remote malicious users to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Repor...
Fortinet Fortios
4.3
CVSSv2
CVE-2020-15938
When traffic other than HTTP/S (e.g., SSH traffic, etc.) traverses the FortiGate in versions below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.
Fortinet Fortios
5
CVSSv2
CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote malicious user to crash the SSL VPN service by sending a crafted POST request.
Fortinet Fortios
4
CVSSv2
CVE-2017-7738
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allows an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contain user credentials through the fnsysctl CLI comm...
Fortinet Fortios
NA
CVE-2023-28001
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows a malicious user to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.
Fortinet Fortios
NA
CVE-2021-44171
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiOS version 6.0.0 up to and including 6.0.14, FortiOS version 6.2.0 up to and including 6.2.10, FortiOS version 6.4.0 up to and including 6.4.8, FortiOS version ...
Fortinet Fortios
4.3
CVSSv2
CVE-2017-3132
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and previous versions allows malicious users to execute unauthorized code or commands via the action input during the activation of a FortiToken.
Fortinet Fortios
1 EDB exploit
5.5
CVSSv2
CVE-2021-41032
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI com...
Fortinet Fortios
4.6
CVSSv2
CVE-2021-44168
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS prior to 7.0.3 may allow a local authenticated malicious user to download arbitrary files on the device via specially crafted update packages.
Fortinet Fortios
2 Github repositories
5
CVSSv2
CVE-2018-13376
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
Fortinet Fortios