The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Fortinet FortiOS

FortiOS: open redirect via Admin WebUI Initial Password Change
An attacker can deceive the user via Admin WebUI Initial Password Change of FortiOS, in order to redirect him to a malicious site...
CERTFR-2020-AVI-097, CVE-2019-6696, FG-IR-19-179, VIGILANCE-VUL-31633
FortiOS, FortiAnalyzer, FortiManager: denial of service via Slow HTTP
An attacker can trigger a fatal error via Slow HTTP of FortiOS, FortiAnalyzer, FortiManager, in order to trigger a denial of service...
CERTFR-2020-AVI-068, CVE-2019-17657, FG-IR-19-013, VIGILANCE-VUL-31506
Fortigate SSL VPN: privilege escalation via Credential Plaintext Storage
An attacker can bypass restrictions via Credential Plaintext Storage of Fortigate SSL VPN, in order to escalate his privileges...
CERTFR-2020-AVI-058, CVE-2019-17655, FG-IR-19-217, VIGILANCE-VUL-31441
FortiGate: Cross Site Scripting via DHCP Monitor Page
An attacker can trigger a Cross Site Scripting via DHCP Monitor Page of FortiGate, in order to run JavaScript code in the context of the web site...
CERTFR-2019-AVI-589, CVE-2019-6697, VIGILANCE-VUL-30963
FortiOS: Man-in-the-Middle via FortiGuard Services Communication Hard-coded Cryptographic Key
An attacker can act as a Man-in-the-Middle via FortiGuard Services Communication Hard-coded Cryptographic Key on FortiOS, in order to read or write data in the session...
CERTFR-2019-AVI-581, CVE-2018-9195, FG-IR-18-100, SA-20191125-0, VIGILANCE-VUL-30916
FortiOS: information disclosure via Backup Hard-coded Cryptographic Key
An attacker can bypass access restrictions to data via Backup Hard-coded Cryptographic Key of FortiOS, in order to obtain sensitive information...
CERTFR-2019-AVI-584, CVE-2019-6693, FG-IR-19-007, VIGILANCE-VUL-30915
FortiOS: information disclosure via Private Keys
An attacker can bypass access restrictions to data via Private Keys of FortiOS, in order to obtain sensitive information...
CERTFR-2019-AVI-573, CVE-2019-5593, FG-IR-19-134, VIGILANCE-VUL-30889
FortiOS: information disclosure via DRBG Unsufficient Entropy
An attacker can bypass access restrictions to data via DRBG Unsufficient Entropy of FortiOS, in order to obtain sensitive information...
CERTFR-2019-AVI-523, CVE-2019-15703, FG-IR-19-186, VIGILANCE-VUL-30682
FortiOS: Cross Site Scripting via SSL VPN Portal
An attacker can trigger a Cross Site Scripting via SSL VPN Portal of FortiOS, in order to run JavaScript code in the context of the web site...
CERTFR-2019-AVI-239, CVE-2018-13380, FG-IR-18-383, VIGILANCE-VUL-30135
FortiOS: information disclosure via WEB UI JavaScript Parsing
An attacker can bypass access restrictions to data via WEB UI JavaScript Parsing of FortiOS, in order to obtain sensitive information...
CERTFR-2019-AVI-378, CVE-2018-13367, FG-IR-18-173, VIGILANCE-VUL-30002
Our database contains other pages. You can request a free trial to read them.

Display information about Fortinet FortiOS: