Vulmon
fortios vulnerabilities and exploits
6.2
CVSSv3
CVE-2017-14187
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows a malicious user to execute an unauthorized binary program contained on a USB drive plugged into a FortiGate via linking the afore...
Fortinet Fortios
6.1
CVSSv3
CVE-2017-14190
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and previous versions allows a malicious user to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests.
Fortinet Fortios
7.1
CVSSv3
CVE-2022-41328
An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 up to and including 7.2.3, 7.0.0 up to and including 7.0.9 and prior to 6.4.11 allows a privileged malicious user to read and write ...
Fortinet Fortios
1 Github repository
3 Articles
6.1
CVSSv3
CVE-2022-41334
An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated malicious user to launch a cross site scripting (XSS) attack via the "redir" parameter of the ...
Fortinet Fortios
9.8
CVSSv3
CVE-2018-13379
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticat...
Fortinet Fortios
2 EDB exploits
21 Github repositories
9 Articles
6.1
CVSSv3
CVE-2017-3132
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and previous versions allows malicious users to execute unauthorized code or commands via the action input during the activation of a FortiToken.
Fortinet Fortios
1 EDB exploit
6.1
CVSSv3
CVE-2017-3133
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and previous versions allows malicious users to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
Fortinet Fortios
1 EDB exploit
4.5
CVSSv3
CVE-2020-15936
An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows a malicious user to disclose sensitive information via SNI Client Hello TLS packets.
Fortinet Fortios
6.1
CVSSv3
CVE-2020-15937
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote malicious user to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.
Fortinet Fortios
7.5
CVSSv3
CVE-2020-15938
When traffic other than HTTP/S (e.g., SSH traffic) traverses the FortiGate in versions below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.
Fortinet Fortios