Filtered by vendor Fortinet
Subscribe
Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13368 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. | |||||
| CVE-2019-5592 | 1 Fortinet | 1 Fortios Ips Engine | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. | |||||
| CVE-2018-9191 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. | |||||
| CVE-2018-9193 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. | |||||
| CVE-2019-13398 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. | |||||
| CVE-2019-13400 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. | |||||
| CVE-2019-13402 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. | |||||
| CVE-2019-15704 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. | |||||
| CVE-2019-15707 | 1 Fortinet | 1 Fortimail | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for. | |||||
| CVE-2019-16155 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 6.6 MEDIUM | 7.1 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite. | |||||
| CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | |||||
| CVE-2020-6644 | 1 Fortinet | 1 Fortideceptor | 2020-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. | |||||
| CVE-2020-9288 | 1 Fortinet | 1 Fortiwlc | 2020-06-26 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. | |||||
| CVE-2019-16150 | 1 Fortinet | 1 Forticlient | 2020-06-09 | 5.0 MEDIUM | 5.5 MEDIUM |
| Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | |||||
| CVE-2020-9292 | 1 Fortinet | 1 Fortisiem Windows Agent | 2020-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. | |||||
| CVE-2020-6640 | 1 Fortinet | 1 Fortianalyzer | 2020-06-07 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | |||||
| CVE-2019-15709 | 1 Fortinet | 3 Fortiap-s, Fortiap-u, Fortiap-w2 | 2020-06-03 | 8.5 HIGH | 6.5 MEDIUM |
| An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. | |||||
| CVE-2018-13367 | 1 Fortinet | 1 Fortios | 2020-06-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | |||||
| CVE-2017-14184 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2020-05-11 | 4.0 MEDIUM | 8.8 HIGH |
| An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | |||||
| CVE-2017-17543 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. | |||||