CVE-2013-1414 CVSS:4.3

Fortinet FortiGate is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the shutdown page. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2012-4948 CVSS:4.3

Fortigate UTM appliances could allow a remote attacker to bypass security restrictions, caused by the sharing of the same self-signed Fortigate CA certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to gain unauthorized access to the system to eavesdrop on encrypted communications.

CVE-2008-7161 CVSS:7.5

Fortinet FortiGate could allow a remote attacker to bypass security restrictions. An attacker could send a specially-crafted GET or POSt request to bypass the URL blocking feature and gain access to prohibited Websites.

CVE-2014-2216 CVSS:5

Fortinet FortiGate is vulnerable to a denial of service, caused by an error in the protocol service. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause a denial of service and possibly execute arbitrary code on the system.

CVE-2012-6347 CVSS:6.1

FortiGate FortiDB is vulnerable to multiple cross-site scripting, caused by improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability using the 'conversationContext' to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2015-3626 CVSS:6.1

Fortinet FortiGate/FortiOS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DHCP Monitor WebUI. A remote attacker could exploit this vulnerability using the hostname field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.