- How many CVEs does Fortinet have?
- Fortinet has 1,140 published CVE records since 2005, including 330 in the last two years.
- How many Fortinet CVEs are in CISA KEV?
- Yes — 28 of Fortinet's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Fortinet products have the most CVEs?
- The Fortinet products with the most published CVEs are FortiOS, FortiProxy, FortiWeb, FortiManager, FortiAnalyzer.
- What are the most common weakness types in Fortinet CVEs?
- Fortinet's CVEs most often map to these CWE weakness types: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-284 (Improper Access Control).
- Are there public exploits for Fortinet vulnerabilities?
- Yes — 73 of Fortinet's CVEs have a known public exploit.
- How many critical Fortinet vulnerabilities are there?
- Fortinet has 131 critical and 424 high-severity CVEs.
- What is the average severity of Fortinet CVEs?
- The average CVSS base score across Fortinet's scored CVEs is 6.9.