fortinet

1,136 tracked vulnerabilities.

CVE-2018-13381 MEDIUM
FortiProxy <= 1.2.8 and FortiOS < 5.2.14 - Unauthenticated Denial of Service via SSL VPN Web Portal
Jun 04, 2019
CVSS 5.3
EPSS 0.02
CVE-2018-13380 MEDIUM NUCLEI
FortiOS < 6.0.5, 5.6.8, 5.4.13 & FortiProxy < 2.0.1, 1.2.9 XSS via SSL VPN Error Handling
Jun 04, 2019
CVSS 4.7
EPSS 0.62
CVE-2018-13379 CRITICAL KEVNUCLEI
FortiProxy < 1.2.9 and FortiOS 5.4.6-5.4.12 - Unauthenticated Path Traversal via SSL VPN Web Portal
Jun 04, 2019
CVSS 9.1
EPSS 1.00
CVE-2018-9193 HIGH
FortiClient for Windows <6.0.5 - Privilege Escalation
May 30, 2019
CVSS 7.8
EPSS 0.00
CVE-2018-9191 HIGH
FortiClient < 6.0.4 - Local Privilege Escalation via Update Named Pipe
May 30, 2019
CVSS 7.8
EPSS 0.00
CVE-2018-13368 HIGH
Fortinet FortiClient < 6.0.4 - Local Privilege Escalation via Command Injection
May 30, 2019
CVSS 7.8
EPSS 0.01
CVE-2018-13365 MEDIUM
Fortinet FortiOS < 5.6.5 - Information Exposure via Application Control Block Page
May 29, 2019
CVSS 5.3
EPSS 0.01
CVE-2018-13383 MEDIUM KEV
FortiProxy < 1.2.9 and FortiOS 5.2.0-5.2.14 - Heap Buffer Overflow in SSL VPN Web Portal
May 29, 2019
CVSS 4.3
EPSS 0.34
CVE-2018-13375 MEDIUM
Fortinet FortiAnalyzer and FortiManager < 5.6.0 - Stored Cross-Site Scripting via DHCP HOSTNAME Parameter
May 28, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-1360 HIGH
Fortinet FortiManager 5.2.0-5.2.7, 5.4.0-5.4.1 - Cleartext Transmission of Sensitive Information via REST API
Apr 25, 2019
CVSS 8.1
EPSS 0.01
CVE-2018-13378 HIGH
Fortinet FortiSIEM < 5.2.0 - Unauthenticated LDAP Password Exposure via HTML Source Code
Apr 17, 2019
CVSS 7.2
EPSS 0.01
CVE-2018-1356 MEDIUM
Fortinet FortiSandbox < 3.0.0 - Reflected Cross-Site Scripting via back_url Parameter
Apr 09, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-13366 MEDIUM
Fortinet FortiOS <= 5.6.7 - Information Disclosure via PPTP Hostname Field
Apr 09, 2019
CVSS 5.3
EPSS 0.01
CVE-2018-9190 MEDIUM
FortiClientWindows < 6.0.2 - Denial of Service via NDIS Miniport Driver
Feb 08, 2019
CVSS 5.5
EPSS 0.00
CVE-2018-1352 CRITICAL
FortiOS 5.6.0 - Remote Code Execution via SSH Username Format String
Feb 08, 2019
CVSS 9.8
EPSS 0.01
CVE-2018-13374 MEDIUM KEV
FortiOS < 6.0.3 and FortiADC 5.4.0-5.4.4 - LDAP Server Credential Exposure via Connectivity Test Request
Jan 22, 2019
CVSS 4.3
EPSS 0.38
CVE-2018-13376 HIGH
Fortinet FortiOS <5.6.3, <5.4.7, <5.2 - Memory Corruption
Nov 27, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-9194 MEDIUM
FortiOS 5.4.6-5.4.9, 6.0.0-6.0.1 - Plaintext Recovery and Man-in-the-Middle Attack via RSA PKCS #1 v1.5 Encryption
Sep 05, 2018
CVSS 5.9
EPSS 0.01
CVE-2018-9192 MEDIUM
FortiOS 5.4.6-5.4.9, 6.0.0-6.0.1 - Plaintext Recovery and Man-in-the-Middle Attack via RSA PKCS #1 v1.5 Encryption
Sep 05, 2018
CVSS 5.9
EPSS 0.01
CVE-2018-1353 MEDIUM
Fortinet FortiManager < 6.0.1 - Unauthorized Interface Settings Exposure via ADOM Assignment
Sep 05, 2018
CVSS 4.3
EPSS 0.01
CVE-2018-9185 HIGH
Fortinet FortiOS < 6.0.0 - Unauthenticated Exposure of Web Portal Credentials via Single Sign-On Bookmark Feature
Jul 05, 2018
CVSS 8.1
EPSS 0.02
CVE-2018-1351 MEDIUM
Fortinet FortiManager < 6.0.0 - Cross-Site Scripting via Remote Device CLI Config Log
Jun 28, 2018
CVSS 4.8
EPSS 0.01
CVE-2018-1355 MEDIUM
FortiAnalyzer and FortiManager < 5.6.5 - Open Redirect via FortiView PDF Conversion
Jun 27, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-1354 MEDIUM
FortiAnalyzer and FortiManager < 6.0.0 - Unauthenticated Arbitrary Avatar Picture Modification
Jun 27, 2018
CVSS 6.5
EPSS 0.02
CVE-2018-9186 MEDIUM
Fortinet FortiAuthenticator 4.0.0-5.2.9 - Cross-Site Scripting via HTTP Referer Header
May 31, 2018
CVSS 6.1
EPSS 0.01