PT-2025-2745 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.4.0 through 7.4.4 FortiOS version 7.6.0 Description: An issue in FortiOS allows an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting requests. This i...

Fortinet FortiOS 代码问题漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A code issue...

Fortinet Fortigate Out of bounds read in ipsec ike (FG-IR-24-266)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-266 advisory. - An Out-of-bounds Read vulnerability CWE-125 in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and...

Fortinet FortiOS 访问控制错误漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An access control...

VulnCheck KEV: CVE-2024-55591

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

Fortinet FortiOS和FortiProxy 安全漏洞

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc.Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

Fortinet FortiOS 缓冲区错误漏洞

Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A buffer...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...

PT-2025-2945 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 6.4.0 through 6.4.15 Fortinet FortiOS versions 7.0.0 through 7.0.16 Fortinet FortiOS versions 7.2.0 through 7.2.10 Fortinet FortiOS versions 7.4.0 through 7.4.6 Fortinet FortiOS version 7.6.0 Description: The issue i...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS has a security...

PT-2025-3014 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.2.0 through 7.6.0 FortiProxy versions 7.2.0 through 7.4.5 Description: The issue is related to an improper neutralization of crlf sequences in http headers, also known as 'http response splitting'. This allows an...

CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...

Fortinet Fortigate Multipart Form Data DoS (FG-IR-24-219)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-219 advisory. - An allocation of resources without limits or throttling vulnerability CWE-770 in FortiOS versions 7.4.0 through 7.4.4,...

CVE-2020-12820

Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon fcnacd and potentially execute arbitrary code via requesting a large FortiClien...

CVE-2020-12820

Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon fcnacd and potentially execute arbitrary code via requesting a large FortiClien...

CVE-2020-12820

Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon fcnacd and potentially execute arbitrary code via requesting a large FortiClien...

CVE-2020-12820

Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon fcnacd and potentially execute arbitrary code via requesting a large FortiClien...

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

cve-2024-21762-poc CVE-2024-21762 is a critical vulnerability...

Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

FortiOS and FortiProxy Format String Vulnerability to RCE CV...