Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-29055
A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 up to and including 7.0.5, 6.4.0 up to and including 6.4.8, 6.2.0 up to and including 6.2.10, 6.0.x, FortiProxy version 7.0.0 up to and including 7.0.4, 2.0.0 up to and including 2.0.9, 1.2.x allows a remo...
Fortinet Fortios
Fortinet Fortios 7.2.0
Fortinet Fortiproxy 7.2.0
Fortinet Fortiproxy
8.8
CVSSv3
CVE-2023-36639
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 up to and including 7.2.4, 7.0.0 up to and including 7.0.10, FortiOS versions 7.4.0, 7.2.0 up to and including 7.2.4, 7.0.0 up to and including 7.0.11, 6.4.0 up to and including 6.4.12, 6.2.0 up to...
Fortinet Fortios
Fortinet Fortiproxy
Fortinet Fortios 7.4.0
Fortinet Fortipam 1.1.0
Fortinet Fortipam
7.8
CVSSv3
CVE-2021-26110
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged malicious user to escalate their privileges to super_admi...
Fortinet Fortiproxy 2.0.0
Fortinet Fortiproxy
Fortinet Fortios
Fortinet Fortios 7.0.0
Fortinet Fortiproxy 2.0.1
3.3
CVSSv3
CVE-2022-29054
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 up to and including 7.0.5, 6.4.0 up to and including 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key ...
Fortinet Fortiproxy
Fortinet Fortios 7.2.0
Fortinet Fortiproxy 7.2.0
Fortinet Fortios
Fortinet Fortiproxy 7.2.1
7.5
CVSSv3
CVE-2019-15703
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows malicious user to theoretically recover the long term ECDSA secret in a TLS client with a RSA ...
Fortinet Fortios
5.3
CVSSv3
CVE-2017-14185
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.
Fortinet Fortios
6.2
CVSSv3
CVE-2017-14187
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows malicious user to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the afore...
Fortinet Fortios
6.1
CVSSv3
CVE-2017-14190
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and previous versions, allows malicious user to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.
Fortinet Fortios
7.8
CVSSv3
CVE-2021-44168
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS prior to 7.0.3 may allow a local authenticated malicious user to download arbitrary files on the device via specially crafted update packages.
Fortinet Fortios
2 Github repositories
8
CVSSv3
CVE-2021-44171
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 up to and including 6.0.14, FortiOS version 6.2.0 up to and including 6.2.10, FortiOS version 6.4.0 up to and including 6.4.8, FortiOS version ...
Fortinet Fortios
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »