Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
357
VMScore
CVE-2018-13374
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows malicious user to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP ser...
Fortinet Fortios
2 Github repositories
1 Article
445
VMScore
CVE-2018-13376
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
Fortinet Fortios
516
VMScore
CVE-2018-13384
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote malicious user to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
Fortinet Fortios
445
VMScore
CVE-2020-12818
An insufficient logging vulnerability in FortiGate prior to 6.4.1 may allow the traffic from an unauthenticated malicious user to Fortinet owned IP addresses to go unnoticed.
Fortinet Fortios
383
VMScore
CVE-2021-41019
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
Fortinet Fortios
NA
CVE-2022-23438
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote malicious user to perform a reflected cross site scripting (XSS) att...
Fortinet Fortios
NA
CVE-2022-23442
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 up to and including 6.2.11, 6.4.0 up to and including 6.4.8 and 7.0.0 up to and including 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about...
Fortinet Fortios
445
VMScore
CVE-2019-17655
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 up to and including 6.2.2, 6.0.9 and previous versions and FortiProxy 2.0.0, 1.2.9 and previous versions may allow an malicious user to retrieve a logged-in SSL VPN user's credentials s...
Fortinet Fortios
NA
CVE-2022-41328
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 up to and including 7.2.3, 7.0.0 up to and including 7.0.9 and prior to 6.4.11 allows a privileged malicious user to read and write ...
Fortinet Fortios
1 Github repository
3 Articles
NA
CVE-2022-41334
An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated malicious user to launch a cross site scripting (XSS) attack via the "redir" parameter of the ...
Fortinet Fortios
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »