Fortinet Inc Fortinet Fortios vulnerabilities

7 known vulnerabilities affecting fortinet_inc/fortinet_fortios.

Total CVEs

7

CISA KEV

0

Public exploits

3

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM5

Vulnerabilities

Page 1 of 1

CVE-2018-13376HIGHCVSS 7.5vFortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions2018-11-27

CVE-2018-13376 [HIGH] CVE-2018-13376: An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 a An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.

CVE-2017-7735MEDIUMCVSS 5.4vFortiOS versions 5.2.0 through 5.2.11, and 5.4.0 through 5.4.42017-09-12

CVE-2017-7735 [MEDIUM] CWE-79 CVE-2017-7735: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 thr A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.

CVE-2017-7734MEDIUMCVSS 5.4vFortiOS versions 5.4.0 through 5.4.42017-09-12

CVE-2017-7734 [MEDIUM] CWE-79 CVE-2017-7734: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attacke A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.

CVE-2017-3133MEDIUMCVSS 6.1PoCvFortiOS versions 5.6.0 and earlier2017-09-12

CVE-2017-3133 [MEDIUM] CWE-79 CVE-2017-3133: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.

CVE-2017-3132MEDIUMCVSS 6.1PoCvFortiOS versions 5.6.0 and earlier2017-09-12

CVE-2017-3132 [MEDIUM] CWE-79 CVE-2017-3132: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.

CVE-2017-3131MEDIUMCVSS 5.4PoCvFortiOS versions 5.4.0 through 5.4.4 and 5.6.02017-09-12

CVE-2017-3131 [MEDIUM] CWE-79 CVE-2017-3131: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allo A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.

CVE-2017-3130HIGHCVSS 7.5vFortiOS 5.6.0, 5.4.4 and below versions2017-08-10

CVE-2017-3130 [HIGH] CWE-200 CVE-2017-3130: An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows a An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.