| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-13376 |
399 |
|
|
2018-11-27 |
2018-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. |
|
2 |
CVE-2018-9194 |
310 |
|
|
2018-09-05 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. |
|
3 |
CVE-2018-9192 |
310 |
|
|
2018-09-05 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. |
|
4 |
CVE-2018-9186 |
79 |
|
Exec Code XSS CSRF |
2018-05-31 |
2018-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator below 5.3.0 versions "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header. |
|
5 |
CVE-2018-9185 |
200 |
|
+Info |
2018-07-05 |
2018-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. |
|
6 |
CVE-2018-1355 |
601 |
|
|
2018-06-27 |
2018-09-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. |
|
7 |
CVE-2018-1354 |
284 |
|
|
2018-06-27 |
2018-08-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. |
|
8 |
CVE-2018-1353 |
200 |
|
+Info |
2018-09-05 |
2018-10-25 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. |
|
9 |
CVE-2018-1351 |
79 |
|
Exec Code XSS |
2018-06-28 |
2018-08-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows attacker to execute HTML/javascript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log. |
|
10 |
CVE-2017-17543 |
326 |
|
|
2018-04-26 |
2018-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. |
|
11 |
CVE-2017-17541 |
79 |
|
XSS |
2018-07-16 |
2018-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. |
|
12 |
CVE-2017-14190 |
79 |
|
XSS |
2018-01-29 |
2018-02-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. |
|
13 |
CVE-2017-14189 |
284 |
|
|
2017-11-29 |
2017-12-20 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. |
|
14 |
CVE-2017-14187 |
264 |
|
Exec Code |
2018-05-24 |
2018-06-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. |
|
15 |
CVE-2017-14186 |
79 |
|
XSS |
2017-11-29 |
2018-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter. |
|
16 |
CVE-2017-14185 |
200 |
|
+Info |
2018-05-25 |
2018-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. |
|
17 |
CVE-2017-14182 |
20 |
|
DoS |
2017-10-27 |
2017-10-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API. |
|
18 |
CVE-2017-7739 |
79 |
|
XSS |
2017-11-13 |
2017-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. |
|
19 |
CVE-2017-7738 |
200 |
|
+Info |
2017-12-13 |
2017-12-26 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. |
|
20 |
CVE-2017-7737 |
200 |
|
+Info |
2017-08-10 |
2017-08-21 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. |
|
21 |
CVE-2017-7736 |
79 |
|
XSS |
2017-11-22 |
2017-12-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import. |
|
22 |
CVE-2017-7735 |
79 |
|
Exec Code XSS |
2017-09-11 |
2017-09-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. |
|
23 |
CVE-2017-7734 |
79 |
|
Exec Code XSS |
2017-09-11 |
2017-09-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. |
|
24 |
CVE-2017-7733 |
79 |
|
Exec Code XSS |
2017-10-27 |
2017-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter. |
|
25 |
CVE-2017-7732 |
79 |
|
XSS |
2017-10-26 |
2017-11-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests. |
|
26 |
CVE-2017-7731 |
640 |
|
|
2017-05-26 |
2017-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. |
|
27 |
CVE-2017-7344 |
264 |
|
+Priv |
2017-12-14 |
2017-12-29 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. |
|
28 |
CVE-2017-7343 |
601 |
|
Exec Code |
2017-05-26 |
2017-05-31 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. |
|
29 |
CVE-2017-7339 |
79 |
|
Exec Code XSS |
2017-05-26 |
2017-05-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. |
|
30 |
CVE-2017-7338 |
200 |
|
+Info |
2017-05-26 |
2017-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. |
|
31 |
CVE-2017-7337 |
284 |
|
CSRF |
2017-05-26 |
2017-05-31 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. |
|
32 |
CVE-2017-7336 |
798 |
|
Exec Code |
2017-07-22 |
2017-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. |
|
33 |
CVE-2017-7335 |
79 |
|
XSS |
2017-10-26 |
2017-11-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. |
|
34 |
CVE-2017-3134 |
264 |
|
+Priv |
2017-05-26 |
2017-06-08 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. |
|
35 |
CVE-2017-3133 |
79 |
|
Exec Code XSS |
2017-09-11 |
2017-09-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. |
|
36 |
CVE-2017-3132 |
79 |
|
Exec Code XSS |
2017-09-11 |
2017-09-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. |
|
37 |
CVE-2017-3131 |
79 |
|
Exec Code XSS |
2017-09-11 |
2017-09-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView. |
|
38 |
CVE-2017-3130 |
200 |
|
+Info |
2017-08-10 |
2017-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. |
|
39 |
CVE-2017-3129 |
79 |
|
Exec Code XSS |
2017-05-26 |
2017-06-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. |
|
40 |
CVE-2017-3128 |
79 |
|
Exec Code XSS |
2017-05-23 |
2017-07-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. |
|
41 |
CVE-2017-3127 |
79 |
|
Exec Code XSS |
2017-06-01 |
2017-07-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. |
|
42 |
CVE-2017-3126 |
601 |
|
Exec Code |
2017-05-26 |
2017-07-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. |
|
43 |
CVE-2017-3125 |
79 |
|
XSS |
2017-04-12 |
2017-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker. |
|
44 |
CVE-2016-8495 |
200 |
|
+Info |
2017-02-13 |
2017-07-24 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. |
|
45 |
CVE-2016-8494 |
264 |
|
Exec Code |
2017-02-09 |
2017-02-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. |
|
46 |
CVE-2016-8493 |
264 |
|
|
2017-06-26 |
2018-01-17 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. |
|
47 |
CVE-2016-8492 |
200 |
|
+Info |
2017-02-08 |
2017-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. |
|
48 |
CVE-2016-8491 |
798 |
|
|
2017-02-01 |
2017-02-24 |
9.4 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
None |
|
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. |
|
49 |
CVE-2016-7561 |
200 |
|
+Info |
2016-10-05 |
2016-12-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. |
|
50 |
CVE-2016-7560 |
798 |
|
|
2016-10-05 |
2016-12-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. |
