Fortinet security advisories
10 threat alerts tracking vulnerabilities and security advisories that affect Fortinet products.
Vulnios monitors Fortinet CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Fortinet security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2016-7560 — fortinet — fortiwlc
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary
critical CVE-2016-7560
Critical Vulnerability: CVE-2016-4573 — fortinet — fortiswitch, fsw-1024d
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-5
critical CVE-2016-4573
Critical Vulnerability: CVE-2016-6909 — fortinet — fortios, fortiswitch
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code v
critical CVE-2016-6909
Critical Vulnerability: CVE-2016-1909 — fortinet — fortios
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 an
critical CVE-2016-1909
Critical Vulnerability: CVE-2017-14189 — fortinet — fortiweb_manager
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone who can access the admin web UI to log in successfully regardless of the password provided.
critical CVE-2017-14189
Critical Vulnerability: CVE-2015-3616 — fortinet — fortimanager_firmware, fortimanager_2000e
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
critical CVE-2015-3616
Critical Vulnerability: CVE-2017-7336 — fortinet — fortiwlm
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log in and execute commands with 'upgrade' account privileges.
critical CVE-2017-7336
Critical Vulnerability: CVE-2017-7337 — fortinet — fortiportal
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen sess
critical CVE-2017-7337
Critical Vulnerability: CVE-2016-8491 — fortinet — fortiwlc
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
critical CVE-2016-8491
Critical Vulnerability: CVE-2026-21643 — fortinet — forticlientems
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized cod
critical CVE-2026-21643
Track Fortinet exposure across your environment
Vulnios automatically cross-references your asset inventory against new Fortinet CVEs and surfaces only what affects you. No more sifting manually: actionable findings only.