fortinet

1,136 tracked vulnerabilities.

CVE-2016-7560 CRITICAL
Fortinet FortiWLC - Use of Hard-coded Credentials in rsyncd Server
Oct 05, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-4969 MEDIUM
FortiWan < 4.2.4 - Cross-Site Scripting via IP Parameter
Sep 21, 2016
CVSS 6.1
EPSS 0.02
CVE-2016-4968 MEDIUM
FortiWan < 4.2.5 - Authenticated Administrator Cookie Exposure via linkreport/tmp/admin_global
Sep 21, 2016
CVSS 6.5
EPSS 0.03
CVE-2016-4967 MEDIUM
FortiWan < 4.2.4 - Authenticated Sensitive Information Exposure via Configuration Backup or PCAP Download
Sep 21, 2016
CVSS 6.5
EPSS 0.03
CVE-2016-4966 MEDIUM
FortiWan < 4.2.4 - Authenticated Arbitrary File Download via UserName Parameter
Sep 21, 2016
CVSS 6.5
EPSS 0.02
CVE-2016-4965 HIGH
FortiWan < 4.2.5 - Authenticated Remote Code Execution via nslookup graph parameter
Sep 21, 2016
CVSS 8.8
EPSS 0.04
CVE-2016-4573 CRITICAL
Fortinet FortiSwitch - Unauthenticated Administrative Access via Empty Password Bypass
Sep 09, 2016
CVSS 9.8
EPSS 0.05
CVE-2016-6909 CRITICAL
FortiOS 4.1.0-4.1.10, 4.2.0-4.2.12, 4.3.0-4.3.8 & FortiSwitch <3.4.2 - RCE via Cookie Parser Buffer Overflow
Aug 24, 2016
CVSS 9.8
EPSS 0.50
CVE-2016-3195 MEDIUM
FortiManager and FortiAnalyzer 5.x < 5.0.12, 5.2.x < 5.2.6 - Cross-Site Scripting
Aug 19, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-3194 MEDIUM
FortiManager and FortiAnalyzer 5.x - Cross-Site Scripting in Address Page
Aug 19, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-3193 MEDIUM
FortiManager and FortiAnalyzer 5.x < 5.0.12, 5.2.x < 5.2.6, 5.4.x < 5.4.1 - Authenticated Stored Cross-Site Scripting
Aug 19, 2016
CVSS 5.4
EPSS 0.01
CVE-2016-3196 MEDIUM
FortiAnalyzer/FortiManager 5.x < 5.0.12/5.2.x < 5.2.6 Authenticated Stored XSS via Report Image
Aug 05, 2016
CVSS 5.4
EPSS 0.01
CVE-2016-5092 MEDIUM
FortiWeb < 5.5.3 - Authenticated Path Traversal via Autolearn Feature
Jul 13, 2016
CVSS 4.9
EPSS 0.02
CVE-2016-4066 HIGH
FortiWeb < 5.5.2 - Cross-Site Request Forgery via Password Change Request
Jul 13, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-3978 MEDIUM NUCLEI
FortiOS 5.0.x < 5.0.13, 5.2.x < 5.2.3, 5.4.x < 5.4.0 - Cross-Site Scripting via Login Redirect Parameter
Apr 08, 2016
CVSS 6.1
EPSS 0.07
CVE-2016-1909 CRITICAL
Fortinet <5.0.12 - Hardcoded Passphrase
Jan 15, 2016
CVSS 9.8
EPSS 0.71
CVE-2015-3613 CRITICAL
FortiManager <5.2.1 & <5.0.10 - Info Disclosure
Feb 04, 2020
CVSS 9.8
EPSS 0.02
CVE-2015-3612 MEDIUM
FortiManager < 5.0.10 - Cross-Site Scripting via FortiWeb Auto Update Service Page
Feb 04, 2020
CVSS 5.4
EPSS 0.01
CVE-2015-3611 HIGH
FortiManager <5.2.1 & <5.0.10 - Command Injection
Feb 04, 2020
CVSS 8.8
EPSS 0.06
CVE-2015-3617 HIGH
Fortinet FortiManager <5.0.11, <5.2.2 - Privilege Escalation
Aug 22, 2017
CVSS 7.8
EPSS 0.00
CVE-2015-3616 CRITICAL
Fortinet FortiManager <5.0.11, <5.2.2 - SQL Injection
Aug 11, 2017
CVSS 9.8
EPSS 0.02
CVE-2015-3615 MEDIUM
Fortinet FortiManager <5.0.11, <5.2.2 - XSS
Aug 11, 2017
CVSS 5.4
EPSS 0.01
CVE-2015-3614 HIGH
Fortinet FortiManager <5.0.11, <5.2.2 - Info Disclosure
Aug 11, 2017
CVSS 7.5
EPSS 0.02
CVE-2015-7363 MEDIUM
FortiManager and FortiAnalyzer 5.x < 5.0.12, 5.2.x < 5.2.3 - Stored Cross-Site Scripting in Report Filters
Oct 07, 2016
CVSS 5.4
EPSS 0.01
CVE-2015-7360 MEDIUM
FortiSandbox Firmware < 2.1 - Cross-Site Scripting via Multiple WebUI Parameters
May 26, 2016
CVSS 6.1
EPSS 0.02