Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2018-13382
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated malicious user to modify the password of an SSL V...
Fortinet Fortios
4 Github repositories
516
VMScore
CVE-2018-13384
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote malicious user to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
Fortinet Fortios
445
VMScore
CVE-2019-17655
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 up to and including 6.2.2, 6.0.9 and previous versions and FortiProxy 2.0.0, 1.2.9 and previous versions may allow an malicious user to retrieve a logged-in SSL VPN user's credentials s...
Fortinet Fortios
435
VMScore
CVE-2017-3133
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and previous versions allows malicious users to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
Fortinet Fortios
1 EDB exploit
NA
CVE-2023-36555
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an malicious user to execute unauthorized code or commands via the SAML and Security Fabric components.
Fortinet Fortios
801
VMScore
CVE-2017-17544
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.
Fortinet Fortios
NA
CVE-2022-42469
A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.
Fortinet Fortios
NA
CVE-2023-29182
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS prior to 7.0.3 allows a privileged malicious user to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.
Fortinet Fortios
1 Article
312
VMScore
CVE-2017-14186
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An...
Fortinet Fortios
445
VMScore
CVE-2020-12818
An insufficient logging vulnerability in FortiGate prior to 6.4.1 may allow the traffic from an unauthenticated malicious user to Fortinet owned IP addresses to go unnoticed.
Fortinet Fortios
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »