Shodan
Vulnerabilities
Vulnerable Software
Fortinet:  Security Vulnerabilities
CVE-2017-7340
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-25
CVE-2018-9190
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-02-08
CVE-2018-1352
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-02-08
CVE-2018-13374
Known exploited
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
CVSS Score
4.3
EPSS Score
0.035
Published
2019-01-22
CVE-2018-13376
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
CVSS Score
7.5
EPSS Score
0.015
Published
2018-11-27
CVE-2018-1353
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-09-05
CVE-2018-9192
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.
CVSS Score
5.9
EPSS Score
0.002
Published
2018-09-05
CVE-2018-9194
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.
CVSS Score
5.9
EPSS Score
0.002
Published
2018-09-05
CVE-2017-17541
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-07-16
CVE-2018-9185
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.
CVSS Score
8.1
EPSS Score
0.012
Published
2018-07-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved