312 matches found
The vulnerability of the Virtual Domains (VDOM) virtualization technology in operating systems FortiOS and proxy servers for protecting against Internet attacks by FortiProxy allows attackers to increase their privileges.
The vulnerability of the Virtual Domains VDOM virtualization technology in operating systems FortiOS and proxy servers for protecting against Internet attacks via FortiProxy is related to errors in processing relative path operations to directories. Exploiting this vulnerability can allow attacke...
The vulnerability of the FortiOS operating systems arises from incorrect restrictions on path names to restricted directories, allowing attackers to read and write arbitrary files.
The vulnerability of the FortiOS operating systems is related to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability allows an attacker to read and write arbitrary files by executing commands in the command line interface...
New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610 , is rated 9.3 out of 10 for severity and was internally...
The vulnerability of the FortiOS operating system and the centralized authentication and access control solution FortiAuthenticator, which involves unencrypted storage of confidential information, allows attackers to gain unauthorized access to protected data.
The vulnerability of the FortiOS operating system and the centralized identity authentication and access control solution FortiAuthenticator is related to the unencrypted storage of confidential information. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorize...
CVE-2022-42472
A improper neutralization of crlf sequences in http headers 'http response splitting' in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10,...
CVE-2022-29054
A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it...
Fortinet FortiOS 信任管理问题漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists ...
The vulnerability of Fortinet FortiOS operating systems arises from the incorrect assignment of permissions to critical resources, allowing attackers to obtain login credentials for accessing the LDAP server.
The vulnerability of Fortinet FortiOS operating systems is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain login credentials for accessing the LDAP server through a specially crafted...
The vulnerability in the web interface of the FortiOS operating system allows a hacker to gain access to the device.
The vulnerability of the FortiOS operating system’s web interface is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to gain access to the device by sending a specially crafted Access-Challenge response from the Radius server...
PT-2022-5771 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.0 through 7.2.0 FortiOS versions 6.2 through 6.4.9 FortiProxy versions 1.2.0 through 2.0.10 FortiProxy versions 7.0.0 through 7.0.5 Description: The issue is related to an authentication bypass by assumed-immutable data...
CVE-2022-38380
An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...
CVE-2022-30307
A key management error vulnerability CWE-320 affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack...
PT-2022-6025 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.0 and below FortiOS versions 7.0.6 and below FortiOS versions 6.4.9 and below Description: The issue is related to errors in managing the RSA SSH cryptographic key, which may allow a remote attacker to perform a...
The vulnerability of the command-line interface (CLI) of FortiOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the command-line interface CLI of FortiOS operating systems is related to the use of rigidly encrypted credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the FortiOS operating system arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of the FortiOS operating system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Vulnerabilities fixed in Fortinet products
Forinet has fixed vulnerabilities in FortiOS, FortiAP, and FortiMail. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...
CVE-2022-29053
A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...
PT-2022-11772 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.0 through 6.4.9 FortiOS versions 7.0.0 through 7.0.5 FortiOS version 7.2.0 Description: The issue is related to an improper neutralization of input during web page generation, which may allow an authenticated attacker to...
CVE-2022-23442
An improper access control vulnerability CWE-284 in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands...
The vulnerability of the FortiOS operating system, related to the unencrypted storage of confidential information, allows attackers to obtain user credentials when a user logs into the system.
The vulnerability of the FortiOS operating system is related to the unencrypted storage of confidential information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain the login credentials of users who access the system...