cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-6648,https://securityvulnerability.io/vulnerability/CVE-2020-6648,Cleartext Storage Vulnerability in FortiOS and FortiProxy by Fortinet,"A vulnerability exists within FortiOS and FortiProxy that enables an authenticated user to access sensitive information stored in cleartext. By executing the command 'diag sys ha checksum show' through the FortiGate Command Line Interface (CLI), an attacker can retrieve sensitive user data including passwords. This puts the integrity and confidentiality of user accounts at risk, making remediation essential for affected systems.",Fortinet,Fortigate And Fortiproxy,5.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2020-10-21T14:05:55.000Z,0
CVE-2019-15705,https://securityvulnerability.io/vulnerability/CVE-2019-15705,Improper Input Validation in FortiOS SSL VPN Portal,"An improper input validation issue exists in the SSL VPN portal of FortiOS that may lead to service interruptions. Attackers can exploit this vulnerability by sending a specially crafted POST request, potentially allowing an unauthenticated individual to crash the SSL VPN service, resulting in denial of service. Administrators should implement immediate measures to mitigate this vulnerability.",Fortinet,Fortigate,7.5,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2019-11-27T20:38:54.000Z,0
CVE-2019-6693,https://securityvulnerability.io/vulnerability/CVE-2019-6693,FortiOS Configuration Backup Vulnerability in Fortinet Products,"The vulnerability in FortiOS arises from the use of a hard-coded cryptographic key, which compromises the security of sensitive information stored in configuration backup files. Attackers with access to these backup files can decrypt crucial data, including user passwords (excluding the administrator's) and the passphrases for private keys and High Availability setups where applicable. This flaw poses significant risks for organizations relying on FortiOS for their operations.",Fortinet,Fortigate,6.5,MEDIUM,0.0008099999977275729,false,,false,false,true,2023-12-08T11:00:40.000Z,true,false,false,,2019-11-21T15:08:05.000Z,0
CVE-2016-8492,https://securityvulnerability.io/vulnerability/CVE-2016-8492,,The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.,Fortinet,Fortinet Fortigate,5.9,MEDIUM,0.0010600000387057662,false,,false,false,false,,,false,false,,2017-02-08T16:00:00.000Z,0
CVE-2013-1414,https://securityvulnerability.io/vulnerability/CVE-2013-1414,,"Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.",Fortinet,"Fortios,Fortigate-1000c,Fortigate-100d,Fortigate-110c,Fortigate-1240b,Fortigate-200b,Fortigate-20c,Fortigate-300c,Fortigate-3040b,Fortigate-310b,Fortigate-311b,Fortigate-3140b,Fortigate-3240c,Fortigate-3810a,Fortigate-3950b,Fortigate-40c,Fortigate-5001a-sw,Fortigate-5001b,Fortigate-5020,Fortigate-5060,Fortigate-50b,Fortigate-5101c,Fortigate-5140b,Fortigate-600c,Fortigate-60c,Fortigate-620b,Fortigate-800c,Fortigate-80c,Fortigate-voice-80c,Fortigaterugged-100c",,,0.0033499998971819878,false,,false,false,false,,,false,false,,2013-07-08T17:55:00.000Z,0
CVE-2012-4948,https://securityvulnerability.io/vulnerability/CVE-2012-4948,,"The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.",Fortinet,"Fortigate-3140b,Fortigate-60c,Fortigate-3040b,Fortigate-300c,Fortigate-600c,Fortigate-5001a-sw,Fortigate-3240c,Fortigate-310b,Fortigate-800c,Fortigate-5020,Fortigate-100d,Fortigate-50b,Fortigate-3810a,Fortigate-voice-80c,Fortigate-1000c,Fortigate-5101c,Fortigate-1240b,Fortigate-80c,Fortigaterugged-100c,Fortigate-3950b,Fortigate-110c,Fortigate-5140b,Fortigate-5060,Fortigate-311b,Fortigate-620b,Fortigate-20c,Fortigate-200b,Fortigate-40c,Fortigate-5001b",,,0.0006200000061653554,false,,false,false,false,,,false,false,,2012-11-14T11:00:00.000Z,0
CVE-2008-7161,https://securityvulnerability.io/vulnerability/CVE-2008-7161,,"Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058.",Fortinet,Fortigate-1000,,,0.021789999678730965,false,,false,false,false,,,false,false,,2009-09-04T10:00:00.000Z,0