Shodan
Vulnerabilities
Vulnerable Software
Fortinet:  >> Fortios  Security Vulnerabilities
CVE-2017-14182
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API.
CVSS Score
6.5
EPSS Score
0.015
Published
2017-10-27
CVE-2017-7733
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-27
CVE-2017-3131
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
CVSS Score
5.4
EPSS Score
0.115
Published
2017-09-12
CVE-2017-3132
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
CVSS Score
6.1
EPSS Score
0.088
Published
2017-09-12
CVE-2017-3133
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
CVSS Score
6.1
EPSS Score
0.087
Published
2017-09-12
CVE-2017-7734
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-09-12
CVE-2017-7735
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-09-12
CVE-2017-3130
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-08-10
CVE-2017-3127
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-06-01
CVE-2017-3128
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.
CVSS Score
4.8
EPSS Score
0.003
Published
2017-05-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved