Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24020
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 up to and including 6.4.4, and 6.2.0 up to and including 6.2.7 may allow an unauthenticated malicious user to tamper with signed URLs by appending further data which allows bypass o...
Fortinet Fortimail
9.8
CVSSv3
CVE-2020-6649
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an malicious user to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothet...
Fortinet Fortiisolator
9.8
CVSSv3
CVE-2020-29016
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 up to and including 6.3.5 and version prior to 6.2.4 may allow an unauthenticated, remote malicious user to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a ...
Fortinet Fortiweb
9.8
CVSSv3
CVE-2020-29015
A blind SQL injection in the user interface of FortiWeb 6.3.0 up to and including 6.3.7 and version prior to 6.2.4 may allow an unauthenticated, remote malicious user to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing ...
Fortinet Fortiweb
9.8
CVSSv3
CVE-2020-12812
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Fortinet Fortios
Fortinet Fortios 6.4.0
1 Github repository
2 Articles
9.8
CVSSv3
CVE-2020-9292
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an malicious user to gain elevated privileges via the AoWinAgt executable service path.
Fortinet Fortisiem Windows Agent
9.8
CVSSv3
CVE-2020-9294
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and previous versions and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated malicious user to access the system as a legitimate user by requesting a password change via the user inter...
Fortinet Fortimail
Fortinet Fortivoice
1 Metasploit module
9.8
CVSSv3
CVE-2019-17658
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an malicious user to gain elevated privileges via the FortiClientConsole executable service path.
Fortinet Forticlient
1 Github repository
9.8
CVSSv3
CVE-2015-3613
A vulnerability exists in in FortiManager 5.2.1 and previous versions and 5.0.10 and previous versions in the WebUI FTP backup page
Fortinet Fortimanager
9.8
CVSSv3
CVE-2019-16153
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow malicious users to access the device database via the use of static credentials.
Fortinet Fortisiem
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »