Lucene search
K

312 matches found

BDU FSTEC
BDU FSTEC
added 2023/03/20 12:0 a.m.9 views

The vulnerability of the Virtual Domains (VDOM) virtualization technology in operating systems FortiOS and proxy servers for protecting against Internet attacks by FortiProxy allows attackers to increase their privileges.

The vulnerability of the Virtual Domains VDOM virtualization technology in operating systems FortiOS and proxy servers for protecting against Internet attacks via FortiProxy is related to errors in processing relative path operations to directories. Exploiting this vulnerability can allow attacke...

8.2CVSS7.5AI score0.00217EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/03/15 12:0 a.m.5 views

The vulnerability of the FortiOS operating systems arises from incorrect restrictions on path names to restricted directories, allowing attackers to read and write arbitrary files.

The vulnerability of the FortiOS operating systems is related to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability allows an attacker to read and write arbitrary files by executing commands in the command line interface...

6.7CVSS7.8AI score0.12316EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2023/03/09 5:23 a.m.4 views

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610 , is rated 9.3 out of 10 for severity and was internally...

9.8CVSS8AI score0.99815EPSS
Exploits9
BDU FSTEC
BDU FSTEC
added 2023/03/01 12:0 a.m.5 views

The vulnerability of the FortiOS operating system and the centralized authentication and access control solution FortiAuthenticator, which involves unencrypted storage of confidential information, allows attackers to gain unauthorized access to protected data.

The vulnerability of the FortiOS operating system and the centralized identity authentication and access control solution FortiAuthenticator is related to the unencrypted storage of confidential information. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorize...

5.3CVSS5.3AI score0.0029EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2023/02/16 7:15 p.m.3 views

CVE-2022-42472

A improper neutralization of crlf sequences in http headers 'http response splitting' in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10,...

5.4CVSS5.8AI score0.00464EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 7:15 p.m.4 views

CVE-2022-29054

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it...

3.3CVSS5.8AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.6 views

Fortinet FortiOS 信任管理问题漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists ...

7.4CVSS7.3AI score0.00276EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/02/15 12:0 a.m.6 views

The vulnerability of Fortinet FortiOS operating systems arises from the incorrect assignment of permissions to critical resources, allowing attackers to obtain login credentials for accessing the LDAP server.

The vulnerability of Fortinet FortiOS operating systems is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain login credentials for accessing the LDAP server through a specially crafted...

4.3CVSS7.9AI score0.38088EPSS
Exploits3References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/12/08 12:0 a.m.8 views

The vulnerability in the web interface of the FortiOS operating system allows a hacker to gain access to the device.

The vulnerability of the FortiOS operating system’s web interface is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to gain access to the device by sending a specially crafted Access-Challenge response from the Radius server...

7.5CVSS7.7AI score0.00889EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2022/12/06 12:0 a.m.4 views

PT-2022-5771 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.0 through 7.2.0 FortiOS versions 6.2 through 6.4.9 FortiProxy versions 1.2.0 through 2.0.10 FortiProxy versions 7.0.0 through 7.0.5 Description: The issue is related to an authentication bypass by assumed-immutable data...

9.8CVSS9.6AI score0.00889EPSS
Exploits0References7
OSV
OSV
added 2022/11/02 12:15 p.m.4 views

CVE-2022-38380

An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...

4.3CVSS5.8AI score0.22991EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/11/02 12:15 p.m.2 views

CVE-2022-30307

A key management error vulnerability CWE-320 affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack...

8.1CVSS7.2AI score0.00443EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.5 views

PT-2022-6025 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.0 and below FortiOS versions 7.0.6 and below FortiOS versions 6.4.9 and below Description: The issue is related to errors in managing the RSA SSH cryptographic key, which may allow a remote attacker to perform a...

8.1CVSS7.8AI score0.00443EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/10/31 12:0 a.m.7 views

The vulnerability of the command-line interface (CLI) of FortiOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the command-line interface CLI of FortiOS operating systems is related to the use of rigidly encrypted credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

7.8CVSS6.6AI score0.05663EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/10/12 12:0 a.m.6 views

The vulnerability of the FortiOS operating system arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the FortiOS operating system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS7.8AI score0.01529EPSS
Exploits0References3Affected Software1
NCSC
NCSC
added 2022/09/07 12:0 a.m.25 views

Vulnerabilities fixed in Fortinet products

Forinet has fixed vulnerabilities in FortiOS, FortiAP, and FortiMail. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...

7.8CVSS6.4AI score0.01265EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/09/06 6:15 p.m.3 views

CVE-2022-29053

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...

3.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.6 views

PT-2022-11772 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.0 through 6.4.9 FortiOS versions 7.0.0 through 7.0.5 FortiOS version 7.2.0 Description: The issue is related to an improper neutralization of input during web page generation, which may allow an authenticated attacker to...

5.4CVSS5.1AI score0.0037EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/08/03 2:15 p.m.6 views

CVE-2022-23442

An improper access control vulnerability CWE-284 in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands...

4.3CVSS5.8AI score0.00472EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/05/31 12:0 a.m.6 views

The vulnerability of the FortiOS operating system, related to the unencrypted storage of confidential information, allows attackers to obtain user credentials when a user logs into the system.

The vulnerability of the FortiOS operating system is related to the unencrypted storage of confidential information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain the login credentials of users who access the system...

5.3CVSS7.2AI score0.00994EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder