Vulmon
fortios vulnerabilities and exploits
3.3
CVSSv3
CVE-2022-29054
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 up to and including 7.0.5, 6.4.0 up to and including 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key ...
Fortinet Fortiproxy
Fortinet Fortios 7.2.0
Fortinet Fortiproxy 7.2.0
Fortinet Fortios
Fortinet Fortiproxy 7.2.1
7.5
CVSSv3
CVE-2019-15703
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, on devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows a malicious user to theoretically recover the long-term ECDSA secret in a TLS client with an RSA ...
Fortinet Fortios
8.1
CVSSv3
CVE-2018-9185
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals a user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature.
Fortinet Fortios
5.3
CVSSv3
CVE-2017-14185
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g. addresses) via specifically crafted URLs inside the SSL-VPN web portal.
Fortinet Fortios
5.4
CVSSv3
CVE-2017-14186
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An...
Fortinet Fortios
6.2
CVSSv3
CVE-2017-14187
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows a malicious user to execute an unauthorized binary program contained on a USB drive plugged into a FortiGate via linking the afore...
Fortinet Fortios
6.1
CVSSv3
CVE-2017-14190
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and previous versions allows a malicious user to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests.
Fortinet Fortios
9.8
CVSSv3
CVE-2018-13379
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticat...
Fortinet Fortios
2 EDB exploits
21 Github repositories
9 Articles
5.4
CVSSv3
CVE-2021-41032
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI com...
Fortinet Fortios
8
CVSSv3
CVE-2021-44171
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiOS version 6.0.0 up to and including 6.0.14, FortiOS version 6.2.0 up to and including 6.2.10, FortiOS version 6.4.0 up to and including 6.4.8, FortiOS version ...
Fortinet Fortios