628 matches found
Fortinet FortiOS 信息泄露漏洞
Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content...
Fortinet FortiClientWindows 后置链接漏洞
Fortinet FortiClientWindows is a Windows-based mobile device security solution provided by the American company Fortinet. When connected to the FortiGate firewall device, this solution offers features such as IPsec and SSL encryption, wide-area network optimization, terminal compliance, and...
Fortinet Fortigate LDAP authentication bypass in Agentless VPN and FSSO (FG-IR-25-1052)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-1052 advisory. - An Authentication Bypass by Primary Weakness vulnerability CWE-305 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 m...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering,...
Fortinet Fortigate SSO authentication bypass (FG-IR-26-060)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyzer m...
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device th...
MAL-2026-453 Malicious code in @fortinet/fortigate-autoscale (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6100c8f444b32630601fbeee65c6af9df19979345ea5dc04740f40356c188e06 The package @fortinet/fortigate-autoscale was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @fortinet/fortigate-autoscale is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2026-4192
Malicious code in @fortinet/fortigate-autoscale npm...
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaig...
Fortinet Fortigate Heap-based buffer overflow in cw_acd daemon (FG-IR-25-084)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-084 advisory. - A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS...
CVE-2020-12819
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode i...
Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass
Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on SSO logins on FortiGate appliances on December 12...
CVE-2025-54838
An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...
CVE-2025-54838
An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...
CVE-2025-54838
An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...
CVE-2025-54838
An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...
CVE-2025-54838
Summary: CVE-2025-54838 is an Incorrect Authorization (CWE-863) vulnerability in FortiPortal 7.4.0–7.4.5 that may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests. Affected product/version: FortiPortal 7.4.0 through 7.4.5. Root cause: improper access c...
CVE-2025-54838
An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...
EUVD-2025-202273
An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...