Vulnerabilities (CVE)

Filtered by vendor Fortinet Subscribe
Total 851 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1456 1 Fortinet 1 Fortiauthenticator 2025-04-12 4.0 MEDIUM N/A
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
CVE-2016-7560 1 Fortinet 1 Fortiwlc 2025-04-12 10.0 HIGH 9.8 CRITICAL
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
CVE-2015-3626 1 Fortinet 1 Fortios 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname.
CVE-2016-3195 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7362 1 Fortinet 1 Forticlient 2025-04-12 7.2 HIGH 7.8 HIGH
Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program.
CVE-2014-2334 1 Fortinet 1 Fortianalyzer Firmware 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
CVE-2015-3620 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3978 1 Fortinet 1 Fortios 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."
CVE-2015-1453 1 Fortinet 1 Forticlient 2025-04-12 5.0 MEDIUM N/A
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.
CVE-2014-2216 1 Fortinet 1 Fortios 2025-04-12 7.5 HIGH N/A
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.
CVE-2014-8617 1 Fortinet 1 Fortimail 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.
CVE-2016-5092 1 Fortinet 1 Fortiweb 2025-04-12 4.0 MEDIUM 4.9 MEDIUM
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
CVE-2014-0331 1 Fortinet 9 Fortiadc-1000e, Fortiadc-1500d, Fortiadc-2000d and 6 more 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.
CVE-2016-1909 1 Fortinet 1 Fortios 2025-04-12 10.0 HIGH 9.8 CRITICAL
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
CVE-2015-1880 1 Fortinet 1 Fortios 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4968 1 Fortinet 1 Fortiwan 2025-04-12 4.0 MEDIUM 6.5 MEDIUM
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
CVE-2015-1571 1 Fortinet 1 Fortios 2025-04-12 4.3 MEDIUM N/A
The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack.
CVE-2015-7361 1 Fortinet 1 Fortios 2025-04-12 9.3 HIGH N/A
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.
CVE-2015-1457 1 Fortinet 1 Fortiauthenticator 2025-04-12 4.9 MEDIUM N/A
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
CVE-2015-2281 1 Fortinet 1 Single Sign On 2025-04-12 7.5 HIGH N/A
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.