Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-13367
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated malicious user to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.
Fortinet Fortios
6.5
CVSSv2
CVE-2018-13371
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
Fortinet Fortios
4
CVSSv2
CVE-2018-13374
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows malicious user to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP ser...
Fortinet Fortios
2 Github repositories
1 Article
5
CVSSv2
CVE-2018-13376
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
Fortinet Fortios
5
CVSSv2
CVE-2018-13382
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated malicious user to modify the password of an SSL V...
Fortinet Fortios
4 Github repositories
5.8
CVSSv2
CVE-2018-13384
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote malicious user to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
Fortinet Fortios
NA
CVE-2023-41841
An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.
Fortinet Fortios
4.3
CVSSv2
CVE-2018-9185
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.
Fortinet Fortios
2.6
CVSSv2
CVE-2019-15703
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows malicious user to theoretically recover the long term ECDSA secret in a TLS client with a RSA ...
Fortinet Fortios
5
CVSSv2
CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote malicious user to crash the SSL VPN service by sending a crafted POST request.
Fortinet Fortios
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »