Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2021-24018
A buffer underwrite vulnerability in the firmware verification routine of FortiOS prior to 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
Fortinet Fortios 7.0.0
Fortinet Fortios
5.8
CVSSv2
CVE-2019-6696
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an malicious user to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.
Fortinet Fortios
Fortinet Fortios 6.2.0
Fortinet Fortios 6.2.1
5.8
CVSSv2
CVE-2018-13384
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote malicious user to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
Fortinet Fortios
5.5
CVSSv2
CVE-2021-41032
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI com...
Fortinet Fortios
5.4
CVSSv2
CVE-2014-0351
The FortiManager protocol service in Fortinet FortiOS prior to 4.3.16 and 5.x prior to 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle malicious users to obtain sensitive information or interfere with communic...
Fortinet Fortios 5.0.7
Fortinet Fortios 5.0.6
Fortinet Fortios 5.0.5
Fortinet Fortios 4.3.12
Fortinet Fortios 4.3.10
Fortinet Fortios 4.3.14
Fortinet Fortios 4.3.13
Fortinet Fortios 5.0.0
Fortinet Fortios
Fortinet Fortios 5.0.4
Fortinet Fortios 5.0.3
5.1
CVSSv2
CVE-2021-26103
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated malicious us...
Fortinet Fortiproxy
Fortinet Fortios
Fortinet Fortios 7.0.0
5.1
CVSSv2
CVE-2013-1414
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices prior to 4.3.13 and 5.x prior to 5.0.2 allow remote malicious users to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, o...
Fortinet Fortios 5.0.1
Fortinet Fortios 5.0
Fortinet Fortios
Fortinet Fortios 4.3.10
Fortinet Fortigate-3040b -
Fortinet Fortigate-3240c -
Fortinet Fortigate-5001b -
Fortinet Fortigate-80c -
Fortinet Fortigate-40c -
Fortinet Fortigate-20c -
Fortinet Fortigate-110c -
Fortinet Fortigate-voice-80c -
Fortinet Fortigate-1240b -
Fortinet Fortigate-300c -
Fortinet Fortigate-5020 -
Fortinet Fortigate-3950b -
Fortinet Fortigate-311b -
Fortinet Fortigate-310b -
Fortinet Fortigate-800c -
Fortinet Fortigate-5001a-sw -
Fortinet Fortigate-5101c -
Fortinet Fortigate-600c -
1 EDB exploit
5
CVSSv2
CVE-2021-41024
A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized malicious user to inject path traversal character sequences to disclose sensitive information of the server via the GET req...
Fortinet Fortiproxy 7.0.0
Fortinet Fortios 7.0.0
Fortinet Fortios 7.0.1
5
CVSSv2
CVE-2021-26108
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS prior to 7.0.1 may allow an malicious user to retrieve the key by reverse engineering.
Fortinet Fortios
Fortinet Fortios 7.0.0
5
CVSSv2
CVE-2020-12818
An insufficient logging vulnerability in FortiGate prior to 6.4.1 may allow the traffic from an unauthenticated malicious user to Fortinet owned IP addresses to go unnoticed.
Fortinet Fortios
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »