CVSS: 5.9EPSS: 0%CPEs: 9EXPL: 0CVE-2016-8492
https://notcve.org/view.php?id=CVE-2016-8492
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. La implementación de un ANSI X9.31 RNG en Fortinet FortiGate permite a atacantes obtener acceso de lectura no autorizada a los datos manejados por el dispositivo a través de descifrado IPSec/TLS. • http://www.securityfocus.com/bid/94480 https://fortiguard.com/advisory/FG-IR-16-067 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 0CVE-2016-8491
https://notcve.org/view.php?id=CVE-2016-8491
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. La presencia de una cuenta embebida llamada 'core' en Fortinet FortiWLC permite a atacantes obtener acceso de lectura/escritura no autorizado a través de una shell remota. • http://www.securityfocus.com/bid/94186 https://fortiguard.com/advisory/FG-IR-16-065 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.4EPSS: 0%CPEs: 32EXPL: 0CVE-2015-7363
https://notcve.org/view.php?id=CVE-2015-7363
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. Vulnerabilidad de XSS en la página de configuración avanzada en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.3, en los modelos de hardware con un disco duro y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.3 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con filtros de informe. • http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters http://www.securityfocus.com/bid/93413 http://www.securitytracker.com/id/1036981 http://www.securitytracker.com/id/1036982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2016-7560
https://notcve.org/view.php?id=CVE-2016-7560
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. El servidor rsyncd en Fortinet FortiWLC 6.1-2-29 y versiones anteriores, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0 y 8.2-4-0 tiene una cuenta rsync embebida, lo que permite a atacantes remotos leer o escribir archivos arbitrarios a través de vectores no especificados. • http://fortiguard.com/advisory/FG-IR-16-029 http://www.securityfocus.com/bid/93286 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2016-7561
https://notcve.org/view.php?id=CVE-2016-7561
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. Fortinet FortiWLC 6.1-2-29 y versiones anteriores, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0 y 8.2-4-0 permiten a administradores obtener credenciales sensibles de usuarios leyendo el archivo pam.log. • http://fortiguard.com/advisory/FG-IR-16-030 http://www.securityfocus.com/bid/93282 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •