CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2017-3130
https://notcve.org/view.php?id=CVE-2017-3130
10 Aug 2017 — An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. Una vulnerabilidad de divulgación de información en Fortinet FortiOS 5.6.0, 5.4.4 y versiones inferiores permite que un atacante obtenga la información de la versión de FortiOS mediante la inspección de paquetes FortiOS IKE VendorID. • http://www.securityfocus.com/bid/100211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 8%CPEs: 1EXPL: 2CVE-2017-3132 – Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-3132
28 Jul 2017 — A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. Una vulnerabilidad de tipo Cross-Site Scripting en Fortinet FortiOS en su versión 5.6.0 y anteriores permite que atacantes remotos ejecuten código o comandos sin autorización mediante la entrada de acción durante la activación de un FortiToken. FortiOS versions 5.6.0 and below suffer from multiple cross site ... • https://packetstorm.news/files/id/143543 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 8%CPEs: 1EXPL: 2CVE-2017-3133 – Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-3133
28 Jul 2017 — A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. Una vulnerabilidad de tipo Cross-Site Scripting en Fortinet FortiOS en su versión 5.6.0 y anteriores permite que atacantes remotos ejecuten código o comandos sin autorización mediante el código HTML de los mensajes de reemplazo para SSL-VPN. FortiOS versions 5.6.0 and below suffer from multiple cross site scripting vulnera... • https://packetstorm.news/files/id/143543 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 26EXPL: 0CVE-2017-3128
https://notcve.org/view.php?id=CVE-2017-3128
23 May 2017 — A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. Una vulnerabilidad tipo XSS (Cross-Site-Scripting) almacenado en FortiOS de Fortinet, permite a los atacantes ejecutar código o comandos no autorizados por medio del parámetro policy global-label. • http://www.securityfocus.com/bid/98514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 26EXPL: 0CVE-2016-7541
https://notcve.org/view.php?id=CVE-2016-7541
30 Mar 2017 — Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. Las sesiones de larga duración en dispositivos Fortinet FortiGate con FortiOS 5.x en versiones anteriores a 5.4.0 podría violar una política de seguridad durante las actualizaciones de firmas IPS cuando el IPSengine de... • http://fortiguard.com/advisory/FG-IR-16-088 • CWE-254: 7PK - Security Features •
CVSS: 5.9EPSS: 0%CPEs: 9EXPL: 0CVE-2016-8492
https://notcve.org/view.php?id=CVE-2016-8492
08 Feb 2017 — The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. La implementación de un ANSI X9.31 RNG en Fortinet FortiGate permite a atacantes obtener acceso de lectura no autorizada a los datos manejados por el dispositivo a través de descifrado IPSec/TLS. • http://www.securityfocus.com/bid/94480 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 73%CPEs: 4EXPL: 2CVE-2016-6909 – Fortigate Firewalls - 'EGREGIOUSBLUNDER' Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-6909
24 Aug 2016 — Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. Desbordamiento de búfer en el analizador Cookie en Fortinet FortiOS 4.x en versiones anteriores a 4.1.11, 4.2.x en versiones anteriores a 4.2.13 y 4.3.x en versiones anteriores a 4.3.9 y FortiSwitch en versiones anteriores a 3.4.3 permite a atacantes remotos ejec... • https://www.exploit-db.com/exploits/40276 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 12%CPEs: 17EXPL: 0CVE-2016-3978
https://notcve.org/view.php?id=CVE-2016-3978
08 Apr 2016 — The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." La Web User Interface (WebUI) en FortiOS 5.0.x en versiones anteriores a 5.0.13, 5.2.x en versiones anteriores a 5.2.3 y 5.4.x en versiones anteriores a 5.4.0 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios ... • http://seclists.org/fulldisclosure/2016/Mar/68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 81%CPEs: 10EXPL: 5CVE-2016-1909 – Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Access
https://notcve.org/view.php?id=CVE-2016-1909
15 Jan 2016 — Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. Fortinet FortiAnalyzer en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.5; FortiSwitch 3.3.x en versiones anteriores a 3.3... • https://packetstorm.news/files/id/181222 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3626
https://notcve.org/view.php?id=CVE-2015-3626
11 Aug 2015 — Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname. Vulnerabilidad de XSS en la página DHCP Monitor en la Web User Interface (WebUI) en Fortinet FortiOS en versiones anteriores a 5.2.4 en dispositivos FortiGate permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de host... • http://fortiguard.com/advisory/dhcp-hostname-html-injection • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •