11 matches found
CVE-2023-47537
An improper certificate validation vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.6, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel...
CVE-2023-47537
An improper certificate validation vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.6, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel...
Input validation
An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 and 7.4.0 - 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch...
CVE-2023-47537
Fortinet FortiOS contains an improper certificate validation vulnerability (CVE-2023-47537) enabling remote unauthenticated MITM on the FortiLink channel between FortiOS and FortiSwitch. Affected: FortiOS 7.4.0–7.4.1, 7.2.0–7.2.6, 7.0.0–7.0.15, and 6.4 all versions. Impact: Confidentiality/Integr...
CVE-2023-47537
An improper certificate validation vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.6, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel...
CVE-2023-47537
An improper certificate validation vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.6, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code on the vulnerable system. Also, a malicious party could potentially gain access to the FortiLink...
Fortinet Fortigate lack of certificate validation (FG-IR-23-301)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-301 advisory. - An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 a...
PT-2023-8535 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4 through 7.0.13; FortiOS versions 7.2.0 through 7.2.6; FortiOS versions 7.4.0 through 7.4.1. Description: The issue is related to an improper certificate validation procedure in the FortiLink protocol implementation, allowing...
CVE-2016-4573
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE...
CVE-2016-4573
Fortinet FortiSwitch devices (FSW-108D/124D/224D/248D/424D/448D/524D/548D/1024D/1048D/3032D/FSW-R-112D-POE, and related FortiLink models) in FortiLink managed mode may expose an authentication bypass on the rest_admin account after upgrading to 3.4.1. The issue requires specific conditions: Forti...