| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-13402 |
254 |
|
|
2019-07-07 |
2019-07-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. |
|
2 |
CVE-2019-13401 |
352 |
|
CSRF |
2019-07-07 |
2019-07-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. |
|
3 |
CVE-2019-13400 |
255 |
|
|
2019-07-07 |
2019-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. |
|
4 |
CVE-2019-13399 |
798 |
|
|
2019-07-07 |
2019-07-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. |
|
5 |
CVE-2019-13398 |
77 |
|
Exec Code |
2019-07-07 |
2019-07-09 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. |
|
6 |
CVE-2019-5594 |
79 |
|
XSS |
2019-08-23 |
2019-08-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. |
|
7 |
CVE-2019-5590 |
79 |
|
Exec Code XSS |
2019-08-28 |
2019-09-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. |
|
8 |
CVE-2019-5589 |
426 |
|
Exec Code |
2019-05-28 |
2019-05-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory. |
|
9 |
CVE-2019-5588 |
79 |
|
Exec Code XSS |
2019-06-04 |
2019-06-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests. |
|
10 |
CVE-2019-5587 |
20 |
|
|
2019-06-04 |
2019-06-06 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. |
|
11 |
CVE-2019-5586 |
79 |
|
Exec Code XSS |
2019-06-04 |
2019-06-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. |
|
12 |
CVE-2018-13384 |
601 |
|
|
2019-06-04 |
2019-06-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. |
|
13 |
CVE-2018-13383 |
119 |
|
Overflow |
2019-05-29 |
2019-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. |
|
14 |
CVE-2018-13382 |
285 |
|
|
2019-06-04 |
2019-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests. |
|
15 |
CVE-2018-13381 |
119 |
|
Overflow |
2019-06-04 |
2019-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. |
|
16 |
CVE-2018-13380 |
79 |
|
Exec Code XSS |
2019-06-04 |
2019-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. |
|
17 |
CVE-2018-13379 |
22 |
|
Dir. Trav. |
2019-06-04 |
2019-09-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. |
|
18 |
CVE-2018-13378 |
200 |
|
+Info |
2019-04-17 |
2019-04-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. |
|
19 |
CVE-2018-13376 |
|
|
|
2018-11-27 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. |
|
20 |
CVE-2018-13375 |
79 |
|
Exec Code XSS |
2019-05-28 |
2019-05-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). |
|
21 |
CVE-2018-13374 |
732 |
|
|
2019-01-22 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A Improper Access Control in Fortinet FortiOS allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. |
|
22 |
CVE-2018-13368 |
264 |
|
Exec Code |
2019-05-30 |
2019-05-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. |
|
23 |
CVE-2018-13367 |
200 |
|
+Info |
2019-08-23 |
2019-08-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information exposure vulnerability in FortiOS 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. |
|
24 |
CVE-2018-13366 |
200 |
|
+Info |
2019-04-09 |
2019-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. |
|
25 |
CVE-2018-13365 |
200 |
|
+Info |
2019-05-29 |
2019-05-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. |
|
26 |
CVE-2018-9194 |
203 |
|
|
2018-09-05 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. |
|
27 |
CVE-2018-9193 |
264 |
|
Exec Code |
2019-05-30 |
2019-05-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. |
|
28 |
CVE-2018-9192 |
203 |
|
|
2018-09-05 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. |
|
29 |
CVE-2018-9191 |
264 |
|
Exec Code |
2019-05-30 |
2019-05-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. |
|
30 |
CVE-2018-9190 |
476 |
|
DoS |
2019-02-08 |
2019-06-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver. |
|
31 |
CVE-2018-9185 |
200 |
|
+Info |
2018-07-05 |
2018-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. |
|
32 |
CVE-2018-1360 |
319 |
|
|
2019-04-25 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. |
|
33 |
CVE-2018-1355 |
601 |
|
|
2018-06-27 |
2018-09-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. |
|
34 |
CVE-2018-1354 |
732 |
|
|
2018-06-27 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. |
|
35 |
CVE-2018-1353 |
200 |
|
+Info |
2018-09-05 |
2018-10-25 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. |
|
36 |
CVE-2018-1351 |
79 |
|
Exec Code XSS |
2018-06-28 |
2018-08-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows attacker to execute HTML/javascript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log. |
|
37 |
CVE-2017-17544 |
281 |
|
|
2019-04-09 |
2019-10-02 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
A privilege escalation vulnerability in Fortinet FortiOS before 5.6.11 and 6.x before 6.2.0 allows admin users to elevate their profile to super_admin via restoring modified configurations. |
|
38 |
CVE-2017-17543 |
326 |
|
|
2018-04-26 |
2018-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. |
|
39 |
CVE-2017-17541 |
79 |
|
XSS |
2018-07-16 |
2018-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. |
|
40 |
CVE-2017-14191 |
|
|
Bypass |
2018-03-20 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. |
|
41 |
CVE-2017-14190 |
79 |
|
XSS |
2018-01-29 |
2018-02-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. |
|
42 |
CVE-2017-14189 |
521 |
|
|
2017-11-29 |
2019-10-02 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. |
|
43 |
CVE-2017-14187 |
269 |
|
Exec Code |
2018-05-24 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. |
|
44 |
CVE-2017-14186 |
79 |
|
XSS |
2017-11-29 |
2019-05-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter. |
|
45 |
CVE-2017-14185 |
200 |
|
+Info |
2018-05-25 |
2018-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. |
|
46 |
CVE-2017-14182 |
20 |
|
DoS |
2017-10-27 |
2017-10-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API. |
|
47 |
CVE-2017-7739 |
79 |
|
XSS |
2017-11-13 |
2017-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. |
|
48 |
CVE-2017-7738 |
200 |
|
+Info |
2017-12-13 |
2017-12-26 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. |
|
49 |
CVE-2017-7737 |
200 |
|
+Info |
2017-08-10 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. |
|
50 |
CVE-2017-7736 |
79 |
|
XSS |
2017-11-22 |
2017-12-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import. |
