CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-3133 – Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-3133
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. Una vulnerabilidad de tipo Cross-Site Scripting en Fortinet FortiOS en su versión 5.6.0 y anteriores permite que atacantes remotos ejecuten código o comandos sin autorización mediante el código HTML de los mensajes de reemplazo para SSL-VPN. FortiOS versions 5.6.0 and below suffer from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/42388 http://www.securityfocus.com/bid/100009 http://www.securitytracker.com/id/1039020 https://fortiguard.com/advisory/FG-IR-17-104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 9EXPL: 0CVE-2016-8492
https://notcve.org/view.php?id=CVE-2016-8492
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. La implementación de un ANSI X9.31 RNG en Fortinet FortiGate permite a atacantes obtener acceso de lectura no autorizada a los datos manejados por el dispositivo a través de descifrado IPSec/TLS. • http://www.securityfocus.com/bid/94480 https://fortiguard.com/advisory/FG-IR-16-067 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 68%CPEs: 10EXPL: 4CVE-2016-1909 – Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Access
https://notcve.org/view.php?id=CVE-2016-1909
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. Fortinet FortiAnalyzer en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.5; FortiSwitch 3.3.x en versiones anteriores a 3.3.3; FortiCache 3.0.x en versiones anteriores a 3.0.8; y FortiOS 4.1.x en versiones anteriores a 4.1.11, 4.2.x en versiones anteriores a 4.2.16, 4.3.x en versiones anteriores a 4.3.17 y 5.0.x en versiones anteriores a 5.0.8 tienen una frase de contraseña embebida para la cuenta Fortimanager_Access, lo que permite a atacantes remotos obtener acceso administrativo a través de una sesión SSH. • https://www.exploit-db.com/exploits/43386 http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios http://packetstormsecurity.com/files/135225/FortiGate-OS-5.0.7-SSH-Backdoor.html http://seclists.org/fulldisclosure/2016/Jan/26 http://www.fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability http://www.securitytracker.com/id/1034663 https://twitter.com/esizkur/status/686842135501508608 https://www.exploit-db.com/exploits/39224 https://seclists.org/ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3626
https://notcve.org/view.php?id=CVE-2015-3626
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname. Vulnerabilidad de XSS en la página DHCP Monitor en la Web User Interface (WebUI) en Fortinet FortiOS en versiones anteriores a 5.2.4 en dispositivos FortiGate permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de host manipulado. • http://fortiguard.com/advisory/dhcp-hostname-html-injection http://www.fortiguard.com/advisory/FG-IR-15-018 http://www.fortiguard.com/advisory/dhcp-hostname-html-injection http://www.securitytracker.com/id/1033144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5965
https://notcve.org/view.php?id=CVE-2015-5965
The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. Vulnerabilidad en la funciionalidad SSL-VPN en Fortinet FortiOS en versiones anteriores a 4.3.13, sólo comprueba el primer byte de la TLS MAC en los mensajes finalizados, lo que hace que sea más fácil para atacantes remotos suplantar el contenido cifrado a través de un campo MAC manipulado. • http://www.fortiguard.com/advisory/FG-IR-15-016 http://www.securityfocus.com/bid/76065 http://www.securitytracker.com/id/1033256 https://security.gentoo.org/glsa/201508-01 https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends • CWE-20: Improper Input Validation •