CVE-2023-46715

CVE-2023-46715 describes an origin validation error (CWE-346) in Fortinet FortiOS IPSec VPN that allows an authenticated VPN user with dynamic IP addressing to spoof another user’s IP by sending crafted packets. Affected products and versions are Fortinet FortiOS IPSec VPN 7.4.0–7.4.1 and 7.2.6 a...

The vulnerability of the SSL-VPN portal for FortiOS operating systems allows a hacker to obtain information about LDAP and SAML configurations.

The vulnerability of the SSL-VPN portal for FortiOS systems is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor to obtain information about LDAP and SAML configurations...

The vulnerability of the SSL-VPN portal for operating systems FortiOS and the proxy server used for protecting against internet attacks by FortiProxy allows attackers to induce a service failure.

The vulnerability of the SSL-VPN portal for FortiOS operating systems and the FortiProxy proxy server used to protect against internet attacks is related to access to an uninitialized pointer. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending a...

CVE-2017-14186

A Cross-site Scripting XSS vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack...