CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2016-7542
https://notcve.org/view.php?id=CVE-2016-7542
30 Mar 2017 — A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. Un administrador de sólo lectura en dispositivos Fortinet con FortiOS 5.2.x en versiones anteriores a 5.2.10 GA y FortiOS 5.4.x en versiones anteriores a 5.4.2 GA puede tener acceso de lectura-escritura a hashes de contraseña... • http://fortiguard.com/advisory/FG-IR-16-050 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 5%CPEs: 17EXPL: 0CVE-2016-3978
https://notcve.org/view.php?id=CVE-2016-3978
08 Apr 2016 — The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." La Web User Interface (WebUI) en FortiOS 5.0.x en versiones anteriores a 5.0.13, 5.2.x en versiones anteriores a 5.2.3 y 5.4.x en versiones anteriores a 5.4.0 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios ... • http://seclists.org/fulldisclosure/2016/Mar/68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •