Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortios vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-8616
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x prior to 5.2.3 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.
Fortinet Fortios 5.2.0
Fortinet Fortios 5.2.1
Fortinet Fortios 5.2.2
4.3
CVSSv2
CVE-2015-1880
Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x prior to 5.2.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Fortinet Fortios 5.2.2
Fortinet Fortios 5.2.0
Fortinet Fortios 5.2.1
NA
CVE-2022-41335
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 up to and including 7.2.2, 7.0.0 up to and including 7.0.8 and prior to 6.4.10, FortiProxy version 7.2.0 up to and including 7.2.1, 7.0.0 up to and including 7.0.7 and prior to 2.0.10, FortiSwitchM...
Fortinet Fortiswitchmanager 7.0.0
Fortinet Fortiswitchmanager 7.2.0
Fortinet Fortiproxy
Fortinet Fortiproxy 7.2.0
Fortinet Fortiproxy 7.2.1
Fortinet Fortios 7.2.0
Fortinet Fortios
Fortinet Fortios 7.2.1
Fortinet Fortios 7.2.2
NA
CVE-2022-22302
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 up to and including 6.4.1, 6.2.0 up to and including 6.2.9 and 6.0.0 up to and including 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a l...
Fortinet Fortios 6.4.0
Fortinet Fortios
Fortinet Fortiauthenticator 6.1.0
Fortinet Fortios 6.4.1
Fortinet Fortiauthenticator 5.5.0
Fortinet Fortiauthenticator
NA
CVE-2023-44250
An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 up to and including 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 up to and including 7.4.1 allows an authenticated malicious user to perform elevated actions vi...
Fortinet Fortios 7.4.0
Fortinet Fortios 7.2.5
Fortinet Fortiproxy 7.4.0
Fortinet Fortiproxy 7.4.1
Fortinet Fortios 7.4.1
5.1
CVSSv2
CVE-2021-26103
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated malicious us...
Fortinet Fortiproxy
Fortinet Fortios
Fortinet Fortios 7.0.0
NA
CVE-2023-47536
An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated malicious user to bypass th...
Fortinet Fortios 7.2.0
Fortinet Fortiproxy
Fortinet Fortios
NA
CVE-2023-29175
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 up to and including 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 up to and including 7.0.9, 7.2.0 up to and including 7.2.3 may allow a remote...
Fortinet Fortiproxy
Fortinet Fortios 7.2.0
Fortinet Fortios
2.9
CVSSv2
CVE-2022-22306
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 up to and including 6.0.14, 6.2.0 up to and including 6.2.10, 6.4.0 up to and including 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated malicious user to man-in-the-middle the communication ...
Fortinet Fortios 7.0.0
Fortinet Fortios
7.5
CVSSv2
CVE-2020-12812
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Fortinet Fortios
Fortinet Fortios 6.4.0
1 Github repository
2 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »